Windows Analysis Report
Inquiry-140-120.xla.xlsx

Overview

General Information

Sample name: Inquiry-140-120.xla.xlsx
Analysis ID: 1654281
MD5: 184b186803e3cd34f34952ade6ed8f1d
SHA1: ae81de594f4f3b1e32eb5e5291fb28c3343a420c
SHA256: 9ed36f226beb7031af2c4fc6beea0aa61180d56b4649acda65927c8b2aba7f90
Tags: xla, xlsx, user-abuse_ch

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.]
  • System is w10x64
  • EXCEL.EXE (PID: 7900 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 4792 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 7308 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Inquiry-140-120.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton: Data: DestinationIp: 13.107.246.40, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7900, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49729
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.4, DestinationIsIpv6: false, DestinationPort: 49729, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7900, Protocol: tcp, SourceIp: 13.107.246.40, SourceIsIpv6: false, SourcePort: 443
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-04-02T09:00:39.455612+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49729 | 13.107.246.40 | 443 | TCP
2025-04-02T09:00:47.726914+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 13.107.246.40 | 443 | TCP
2025-04-02T09:00:47.731645+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 13.107.246.40 | 443 | TCP

AV Detection

Source: Inquiry-140-120.xla.xlsx, ReversingLabs: Detection: 13%
Source: Inquiry-140-120.xla.xlsx, Virustotal: Detection: 14%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: global traffic, DNS query: name: otelrules.svc.static.microsoft
Source: global traffic, TCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global traffic, TCP traffic: 192.168.2.4:49730 -> 13.107.246.40:443
Source: global traffic, TCP traffic: 192.168.2.4:49731 -> 13.107.246.40:443
Source: global traffic, TCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.4:49731
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 13.107.246.40:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 13.107.246.40:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49729 -> 13.107.246.40:443
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: Inquiry-140-120.xla.xlsx, FD230000.0.drString found in binary or memory: https://Linkedindfksdjkfweifgjhdfhgjuhuegfdjghjfhjghdfjghhuhfdgjhjfhggjhfguhdfjgjffhjhghjvcubrejhh.d
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownHTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.4:49729 version: TLS 1.2

System Summary

Source: Inquiry-140-120.xla.xlsxOLE: Microsoft Excel 2007+
Source: ~DFD54AE0D10CAD2392.TMP.0.drOLE: Microsoft Excel 2007+
Source: FD230000.0.drOLE: Microsoft Excel 2007+
Source: Inquiry-140-120.xla.xlsxOLE indicator, VBA macros: true
Source: Inquiry-140-120.xla.xlsxStream path 'MBD004F80F4/\x1Ole' : https://Linkedindfksdjkfweifgjhdfhgjuhuegfdjghjfhjghdfjghhuhfdgjhjfhggjhfguhdfjgjffhjhghjvcubrejhh.dOC@kuhlinks.de/G15BaN5'pSDlP}&m)ZOSFcwS4jkFwRCfxnHS5mdAol2b8E6H5N40vQS2sXW6bJoujUuMEwzSCkxJKFqhSsJVygygSFiO4EWMi7aLk1sBdHkBdgoCZRCJdIZOSHt0c5yMCFGh1HvGILmF8GwhhdgWwsXxjDFAOXADkcGGih5btG2B4cBvsZhtjpFUbwXpL3CGUHqO59GARcA4I5iqGOfR1KLrmhKLWxGtqlizZ8b0N5YepprFVZktPLV9Zukfo06hln{oTf4Ny"up
Source: FD230000.0.drStream path 'MBD004F80F4/\x1Ole' : https://Linkedindfksdjkfweifgjhdfhgjuhuegfdjghjfhjghdfjghhuhfdgjhjfhggjhfguhdfjgjffhjhghjvcubrejhh.dOC@kuhlinks.de/G15BaN5'pSDlP}&m)ZOSFcwS4jkFwRCfxnHS5mdAol2b8E6H5N40vQS2sXW6bJoujUuMEwzSCkxJKFqhSsJVygygSFiO4EWMi7aLk1sBdHkBdgoCZRCJdIZOSHt0c5yMCFGh1HvGILmF8GwhhdgWwsXxjDFAOXADkcGGih5btG2B4cBvsZhtjpFUbwXpL3CGUHqO59GARcA4I5iqGOfR1KLrmhKLWxGtqlizZ8b0N5YepprFVZktPLV9Zukfo06hln{oTf4Ny"up
Source: ~DFD54AE0D10CAD2392.TMP.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEWindow title found: microsoft excel okexcel cannot open the file 'inquiry-140-120.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engineClassification label: mal52.winXLSX@4/9@1/1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Inquiry-140-120.xla.xlsx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{263B52BD-C3A5-4727-9781-C921D45D3A47} - OProcSessId.dat
Source: Inquiry-140-120.xla.xlsxOLE indicator, Workbook stream: true
Source: FD230000.0.drOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.ini
Source: Inquiry-140-120.xla.xlsxReversingLabs: Detection: 13%
Source: Inquiry-140-120.xla.xlsxVirustotal: Detection: 14%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Inquiry-140-120.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Inquiry-140-120.xla.xlsxStatic file information: File size 1208832 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: ~DFD54AE0D10CAD2392.TMP.0.drInitial sample: OLE indicators vbamacros = False
Source: Inquiry-140-120.xla.xlsxInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: Inquiry-140-120.xla.xlsx Stream path 'MBD004F80F3/Package' entropy: 7.98990927524 (max. 8.0)
Source: Inquiry-140-120.xla.xlsx Stream path 'Workbook' entropy: 7.99911637225 (max. 8.0)
Source: ~DFD54AE0D10CAD2392.TMP.0.dr Stream path 'Package' entropy: 7.99105251448 (max. 8.0)
Source: FD230000.0.dr Stream path 'MBD004F80F3/Package' entropy: 7.99105251448 (max. 8.0)
Source: FD230000.0.dr Stream path 'Workbook' entropy: 7.99806129035 (max. 8.0)
Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 781
Source: C:\Windows\splwow64.exe Last function: Thread delayed
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information queried: ProcessInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
[Figure: behavior graph. Behavior Graph ID: 1654281; Sample: Inquiry-140-120.xla.xlsx; Startdate: 02/04/2025; Architecture: WINDOWS; Score: 52]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| Inquiry-140-120.xla.xlsx | 14% | ReversingLabs | |
| Inquiry-140-120.xla.xlsx | 15% | Virustotal | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://Linkedindfksdjkfweifgjhdfhgjuhuegfdjghjfhjghdfjghhuhfdgjhjfhggjhfguhdfjgjffhjhghjvcubrejhh.d | 0% | Avira URL Cloud | safe |


| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | | high |
| s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | | high |
| otelrules.svc.static.microsoft | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundle | false | | high |
| https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xml | false | | high |
| https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xml | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://Linkedindfksdjkfweifgjhdfhgjuhuegfdjghjfhjghdfjghhuhfdgjhjfhggjhfguhdfjgjffhjhghjvcubrejhh.d | Inquiry-140-120.xla.xlsx, FD230000.0.dr | false | Avira URL Cloud: safe | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |

              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1654281
              Start date and time:2025-04-02 08:58:19 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 5m 2s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsofficecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Run name:Without Instrumentation
              Number of analysed new started processes analysed:26
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:Inquiry-140-120.xla.xlsx
              Detection:MAL
              Classification:mal52.winXLSX@4/9@1/1
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 0
              • Number of non-executed functions: 0
              Cookbook Comments:
              • Found application associated with file extension: .xlsx
              • Found Word or Excel or PowerPoint or XPS Viewer
              • Attach to Office via COM
              • Active ActiveX Object
              • Active ActiveX Object
              • Scroll down
              • Close Viewer
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, audiodg.exe, sppsvc.exe, ShellExperienceHost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 184.31.69.3, 52.109.8.89, 23.204.23.20, 52.109.13.127, 20.42.73.28, 20.50.201.205, 52.123.128.14, 204.79.197.222, 172.202.163.200, 40.126.24.84
              • Excluded domains from analysis (whitelisted): fp.msedge.net, slscr.update.microsoft.com, cus-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, eus-azsc-000.roaming.officeapps.live.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, us1.roaming1.live.com.akadns.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, onedscolprdeus15.eastus.cloudapp.azure.com, onedscolprdweu13.westeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, mobile.events.data.trafficmanager.net
              • Not all processes were analyzed, report is missing behavior information
              • Report size getting too big, too many NtCreateKey calls found.
              • Report size getting too big, too many NtQueryAttributesFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtReadFile calls found.
              • Report size getting too big, too many NtReadVirtualMemory calls found.
              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 03:00:40 | API Interceptor | 824x Sleep call for process: splwow64.exe modified |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 13.107.246.40 | Payment Transfer Receipt.shtml | malicious | HTMLPhisher | www.aib.gov.uk/ |
| 13.107.246.40 | NEW ORDER.xls | malicious | Unknown | 2s.gg/3zs |
| 13.107.246.40 | PO_OCF 408.xls | malicious | Unknown | 2s.gg/42Q |
| 13.107.246.40 | 06836722_218 Aluplast.docx.doc | malicious | Unknown | 2s.gg/3zk |
| 13.107.246.40 | Quotation.xls | malicious | Unknown | 2s.gg/3zM |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| s-0005.dual-s-msedge.net | Revised - Buncombe county government 2025 Handbook33469.doc | malicious | Unknown | 52.123.129.14 |
| s-0005.dual-s-msedge.net | VUE-KMH-462E Missed Amex Entry-Mar-25 1.xlsm | malicious | Unknown | 52.123.128.14 |
| s-0005.dual-s-msedge.net | VUE-KMH-462E Missed Amex Entry-Mar-25 1.xlsm | malicious | Unknown | 52.123.129.14 |
| s-0005.dual-s-msedge.net | Inquiry-140-120.xla.xlsx | malicious | Unknown | 52.123.129.14 |
| s-0005.dual-s-msedge.net | http://benedictocollege1-my.sharepoint.com/:f:/g/personal/ryacassey_montillano_benedictocollege_edu_ph/EqNqk_rEp1RHm2UFQLxbuYoBbS5GFhosjapIHgSzIrrsZQ?e=4SvNeC | malicious | Unknown | 52.123.129.14 |
| s-0005.dual-s-msedge.net | Message.eml | malicious | Unknown | 52.123.129.14 |
| s-0005.dual-s-msedge.net | Inquiry-140-120.xla.xlsx | malicious | Unknown | 52.123.128.14 |
| s-0005.dual-s-msedge.net | Inquiry-140-120.xla.xlsx | malicious | Unknown | 52.123.128.14 |
| s-part-0012.t-0009.t-msedge.net | Notification.Docx | malicious | Unknown | 13.107.246.40 |
| s-part-0012.t-0009.t-msedge.net | https://www.terrabellaseniorliving.com/terrabella-little-avenue/ | malicious | CAPTCHA Scam ClickFix | 13.107.246.40 |
| s-part-0012.t-0009.t-msedge.net | https://sprayfoamsys.com/service-center/ | malicious | Unknown | 13.107.246.40 |
| s-part-0012.t-0009.t-msedge.net | Provider Document.html | malicious | HTMLPhisher | 13.107.246.40 |
| s-part-0012.t-0009.t-msedge.net | https://microwaveeng-dot-m365view-318723.uc.r.appspot.com/ | malicious | HTMLPhisher | 13.107.246.40 |
| s-part-0012.t-0009.t-msedge.net | https://sprayfoamsys.com | malicious | Unknown | 13.107.246.40 |
| s-part-0012.t-0009.t-msedge.net | VUE-KMH-462E Missed Amex Entry-Mar-25 1.xlsm | malicious | Unknown | 13.107.246.40 |
| s-part-0012.t-0009.t-msedge.net | VUE-KMH-462E Missed Amex Entry-Mar-25 1.xlsm | malicious | Unknown | 13.107.246.40 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| MICROSOFT-CORP-MSN-AS-BLOCKUS | http://free-calendar.su | malicious | Unknown | 20.253.86.149 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Notification.Docx | malicious | Unknown | 20.189.173.13 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | https://www.terrabellaseniorliving.com/terrabella-little-avenue/ | malicious | CAPTCHA Scam ClickFix | 13.107.42.14 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | http://xxxjknams53w.z13.web.core.windows.net | malicious | TechSupportScam | 20.150.90.65 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | https://516jm1zm.r.sa-east-1.awstrack.me/L0/https:%2F%2Fcloud.screenconnect.com.by%2FMMvmajre/1/01030195ed466068-b7faa7cb-1833-4388-bad8-b1418ddcc4cd-000000/XFv4Glw7SIWsIew07KwB0pk-9m0=204 | malicious | Unknown | 13.107.42.14 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | https://wetransfer.com/downloads/2971136d8b665852eb1f874db092eba220250401114650/596f3cb65b7858fdbbd45a98e463335420250401114650/9efedd?t_exp=1743767210&t_lsid=52fe332d-a748-433b-8af3-fc8487bab09a&t_network=email&t_rid=ZW1haWx8YWRyb2l0fDg1MzA4Yzg5LWMzYjktNDZiZS04MWU5LTViYTJmN2Y1ZjMyZg%3D%3D&t_s=download_link&t_ts=1743508010&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01 | malicious | Unknown | 20.40.202.2 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | https://sprayfoamsys.com/service-center/ | malicious | Unknown | 20.110.205.119 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Provider Document.html | malicious | HTMLPhisher | 40.126.29.15 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | 154f93e4c9e4b381833ea400527326dbe.bin.exe | malicious | LummaC Stealer | 13.107.246.40 |
| a0e9f5d64349fb13191bc781f81f42e1 | Chrome 134.0.6999.62244.js | malicious | NetSupport RAT | 13.107.246.40 |
| a0e9f5d64349fb13191bc781f81f42e1 | Nm2wVlga2f | malicious | Unknown | 13.107.246.40 |
| a0e9f5d64349fb13191bc781f81f42e1 | set-up.exe | malicious | LummaC Stealer | 13.107.246.40 |
| a0e9f5d64349fb13191bc781f81f42e1 | Activated Setup.exe | malicious | LummaC Stealer | 13.107.246.40 |
| a0e9f5d64349fb13191bc781f81f42e1 | Setup.exe | malicious | LummaC Stealer | 13.107.246.40 |
| a0e9f5d64349fb13191bc781f81f42e1 | Setup_patched.exe | malicious | LummaC Stealer | 13.107.246.40 |
| a0e9f5d64349fb13191bc781f81f42e1 | set-up.exe | malicious | LummaC Stealer | 13.107.246.40 |
| a0e9f5d64349fb13191bc781f81f42e1 | Setup.exe | malicious | LummaC Stealer | 13.107.246.40 |

No context
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):118
              Entropy (8bit):3.5700810731231707
              Encrypted:false
              SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
              MD5:573220372DA4ED487441611079B623CD
              SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
              SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
              SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
              Malicious:false
              Reputation:high, very likely benign file
              Preview:<?xml version="1.0" encoding="UTF-16"?><HeartbeatCache/>
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):836
              Entropy (8bit):2.7151910322565733
              Encrypted:false
              SSDEEP:24:J3fIxk+vpKAk6ScvoGA8xpiOnAvJ5yoIHWK:h3+RfkpcvoGAYcvJ5LIHD
              MD5:92A7E6E963E0E668F6585E8694F68380
              SHA1:9CFB8F0EA9A80C54FEBF664E2E8DA3A20C6F5DAE
              SHA-256:F09EE04026948847263A11CC3D3276A676246EF074A985681DBEF03D76801482
              SHA-512:F3E94DC16458B4CE76A18D44360256A233CDF918A34FDB0AB3A85AF5FA3ADEB8B0BBB173CE658D8344939FE77AEB467C04D111A887424A65BA2833897DE3F4E2
              Malicious:false
              Reputation:moderate, very likely benign file
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):512
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3::
              MD5:BF619EAC0CDF3F68D496EA9344137E8B
              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
              Malicious:false
              Reputation:high, very likely benign file
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):745472
              Entropy (8bit):7.9436174750117
              Encrypted:false
              SSDEEP:12288:TQJUmy+LwGY7DpT8Jspn4VEKtXYBY3irsH3E7S8x6e+elaWfGIc6YMRMtTXga:3mNLwGYnJ8JsCVEmUYya07SITTg+RIMe
              MD5:A08CC53A58B107B83A5F0268CA711283
              SHA1:997A7D4B05F9AD00E5F20A65CB1E8BB39674BC4F
              SHA-256:55FA0F92808017BB1EC21725FE1007195B6B843D7AE2249C634806AF21391EE6
              SHA-512:8CE749A83E501F9AAA5DB2D22AC0226160ED73B2F86C657D6300171885649601BCCE0A525365CEF416FACE981AE93629AC6B65156608FFA79693645B23C34CBB
              Malicious:false
              Reputation:low
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Composite Document File V2 Document, Cannot read section info
              Category:dropped
              Size (bytes):737792
              Entropy (8bit):7.982848598143179
              Encrypted:false
              SSDEEP:12288:1QJUmy+LwGY7DpT8Jspn4VEKtXYBY3irsH3E7S8x6e+elaWfGIc6YMRMtTXga:NmNLwGYnJ8JsCVEmUYya07SITTg+RIMe
              MD5:A1BE5968718141E6B1D26AEF211AEEBE
              SHA1:15C33FEACB0B73F97C803E0DF38C4CB84E70941F
              SHA-256:E9AE3F49686A9BB1254F7719398D3A440201ABD42C0E1D4BB9C3CE4D21DB9512
              SHA-512:E6E55B55CAC25A5B309BF5DA4730C2740509EC315CD2771649E734027177A0AB64EB7F03F3E6FF935CAA64FB9D581AF0CFF12D32224559D0A7CA116CAE5A9636
              Malicious:false
              Reputation:low
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Apr 2 08:00:50 2025, Security: 1
              Category:dropped
              Size (bytes):981504
              Entropy (8bit):7.985651237978558
              Encrypted:false
              SSDEEP:24576:imNLwGYnJ8JsCVEmUYya07SITTg+RIMRuvn5ALgMb9g:EGYnJCgma/SeU+RIZMW
              MD5:B919040241E3A4A930689110BC1BEC59
              SHA1:79281BC061B0C1A7DFCB589C742F42D8120B252F
              SHA-256:3CD9C89E032C3DA1FE9943B3204D00558085429C74E92EACCF0D8DD6595B7AE6
              SHA-512:32F330E94B8E07150C8AD1148CBCBD2F0BFF97061E9924D88878299D0B28D198B327F0C65FA7ED8FFCD07B90A86F3FE34B73C54C9C4EC35F9334738A24DDCED1
              Malicious:false
              Reputation:low
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:ASCII text, with CRLF line terminators
              Category:modified
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Apr 2 08:00:50 2025, Security: 1
              Category:dropped
              Size (bytes):981504
              Entropy (8bit):7.985651237978558
              Encrypted:false
              SSDEEP:24576:imNLwGYnJ8JsCVEmUYya07SITTg+RIMRuvn5ALgMb9g:EGYnJCgma/SeU+RIZMW
              MD5:B919040241E3A4A930689110BC1BEC59
              SHA1:79281BC061B0C1A7DFCB589C742F42D8120B252F
              SHA-256:3CD9C89E032C3DA1FE9943B3204D00558085429C74E92EACCF0D8DD6595B7AE6
              SHA-512:32F330E94B8E07150C8AD1148CBCBD2F0BFF97061E9924D88878299D0B28D198B327F0C65FA7ED8FFCD07B90A86F3FE34B73C54C9C4EC35F9334738A24DDCED1
              Malicious:false
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):165
              Entropy (8bit):1.4377382811115937
              Encrypted:false
              SSDEEP:3:KVC+cAmltV:KVC+cR
              MD5:9C7132B2A8CABF27097749F4D8447635
              SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
              SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
              SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
              Malicious:true
              Preview:.user ..j.o.n.e.s.
              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Apr 2 04:17:45 2025, Security: 1
              Entropy (8bit):7.982236826273992
              TrID:
              • Microsoft Excel sheet (30009/1) 47.99%
              • Microsoft Excel sheet (alternate) (24509/1) 39.20%
              • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
              File name:Inquiry-140-120.xla.xlsx
              File size:1'208'832 bytes
              MD5:184b186803e3cd34f34952ade6ed8f1d
              SHA1:ae81de594f4f3b1e32eb5e5291fb28c3343a420c
              SHA256:9ed36f226beb7031af2c4fc6beea0aa61180d56b4649acda65927c8b2aba7f90
              SHA512:054f22dc598fcaeef2585c53705208d0bf142386c6ab56d847b082948141a802f20a55b3382c3b252bb52a407931156577fcabc9deed647a52ae462b8a057bd3
              SSDEEP:24576:g6gA1jj+NpBQ2Ge9lkaWnBMlss4sFyzF/50Vc865eRuv:g6gAV+/BQzaWnBKPFy5/5oc865eg
              TLSH:AC452354B8AAD309D21384B191B3C8750A21BDE53A8EC5933BCD7B1D7132574BB9BC2E
              File Content Preview:........................>.......................................................................................................}...............a..............................................................................................................
              Icon Hash:35e58a8c0c8a85b9
              Document Type:OLE
              Number of OLE Files:1
              Has Summary Info:
              Application Name:Microsoft Excel
              Encrypted Document:True
              Contains Word Document Stream:False
              Contains Workbook/Book Stream:True
              Contains PowerPoint Document Stream:False
              Contains Visio Document Stream:False
              Contains ObjectPool Stream:False
              Flash Objects Count:0
              Contains VBA Macros:True
              Code Page:1252
              Author:
              Last Saved By:
              Create Time:2006-09-16 00:00:00
              Last Saved Time:2025-04-02 03:17:45
              Creating Application:Microsoft Excel
              Security:1
              Document Code Page:1252
              Thumbnail Scaling Desired:False
              Contains Dirty Links:False
              Shared Document:False
              Changed Hyperlinks:False
              Application Version:786432
              General
              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
              VBA File Name:Sheet1.cls
              Stream Size:977
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 49 13 e1 18 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Attribute VB_Name = "Sheet1"
              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
              Attribute VB_GlobalNameSpace = False
              Attribute VB_Creatable = False
              Attribute VB_PredeclaredId = True
              Attribute VB_Exposed = True
              Attribute VB_TemplateDerived = False
              Attribute VB_Customizable = True
              

              General
              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
              VBA File Name:Sheet2.cls
              Stream Size:977
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I . : . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 49 13 b2 3a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Attribute VB_Name = "Sheet2"
              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
              Attribute VB_GlobalNameSpace = False
              Attribute VB_Creatable = False
              Attribute VB_PredeclaredId = True
              Attribute VB_Exposed = True
              Attribute VB_TemplateDerived = False
              Attribute VB_Customizable = True
              

              General
              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
              VBA File Name:Sheet3.cls
              Stream Size:977
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I . p 1 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 .
              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 49 13 70 31 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Attribute VB_Name = "Sheet3"
              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
              Attribute VB_GlobalNameSpace = False
              Attribute VB_Creatable = False
              Attribute VB_PredeclaredId = True
              Attribute VB_Exposed = True
              Attribute VB_TemplateDerived = False
              Attribute VB_Customizable = True
              

              General
              Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
              VBA File Name:ThisWorkbook.cls
              Stream Size:985
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I . " . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . -
              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 49 13 a5 22 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Attribute VB_Name = "ThisWorkbook"
              Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
              Attribute VB_GlobalNameSpace = False
              Attribute VB_Creatable = False
              Attribute VB_PredeclaredId = True
              Attribute VB_Exposed = True
              Attribute VB_TemplateDerived = False
              Attribute VB_Customizable = True
              

              General
              Stream Path:\x1CompObj
              CLSID:
              File Type:data
              Stream Size:114
              Entropy:4.25248375192737
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
              General
              Stream Path:\x5DocumentSummaryInformation
              CLSID:
              File Type:data
              Stream Size:244
              Entropy:2.889430592781307
              Base64 Encoded:False
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
              General
              Stream Path:\x5SummaryInformation
              CLSID:
              File Type:data
              Stream Size:200
              Entropy:3.292068105701867
              Base64 Encoded:False
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . h } . . . . . . . . .
              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
              General
              Stream Path:MBD004F80F3/\x1CompObj
              CLSID:
              File Type:data
              Stream Size:99
              Entropy:3.631242196770981
              Base64 Encoded:False
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
              General
              Stream Path:MBD004F80F3/Package
              CLSID:
              File Type:Microsoft Excel 2007+
              Stream Size:758888
              Entropy:7.989909275240376
              Base64 Encoded:True
              Data ASCII:P K . . . . . . . . . . ! . 9 | . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
              Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 db 39 7c be ae 01 00 00 0e 06 00 00 13 00 d4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              General
              Stream Path:MBD004F80F4/\x1Ole
              CLSID:
              File Type:data
              Stream Size:846
              Entropy:4.283897110500678
              Base64 Encoded:False
              Data ASCII:. . . . ? k G . 3 . . . . . . . . . . . . . . . . y . . . K . . . . . h . t . t . p . s . : . / . / . L . i . n . k . e . d . i . n . d . f . k . s . d . j . k . f . w . e . i . f . g . j . h . d . f . h . g . j . u . h . u . e . g . f . d . j . g . h . j . f . h . j . g . h . d . f . j . g . h . h . u . h . f . d . g . j . h . j . f . h . g . g . j . h . f . g . u . h . d . f . j . g . j . f . f . h . j . h . g . h . j . v . c . u . b . r . e . j . h . h . . . d . O . C . @ . k . u . h . l . i . n . k . s
              Data Raw:01 00 00 02 ff 3f 6b 47 a8 b0 00 33 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 14 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 4c 00 69 00 6e 00 6b 00 65 00 64 00 69 00 6e 00 64 00 66 00 6b 00 73 00 64 00 6a 00 6b 00 66 00 77 00 65 00 69 00 66 00 67 00 6a 00 68 00 64 00 66 00 68 00 67 00 6a 00 75 00 68 00 75 00 65 00
              General
              Stream Path:Workbook
              CLSID:
              File Type:Applesoft BASIC program data, first line number 16
              Stream Size:425943
              Entropy:7.999116372245071
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . " * j : _ h . . ~ ; % ~ . _ S . & $ . > = A . . . . . . . . . . . . . \\ . p . 9 . . . ] C . | g . S = . e C . p . @ . c , . [ . . c . . Z ` . a . Y > * . / 4 } X . . . . . c + & l 6 . . w b - 2 . B . . . E a . . . < . . . = . . . 3 . Z . . . . . X . . p : . . . . . . . . . . . . . . . . . . K . . . $ . . . _ . = . . . U g f 4 < c . Z G . @ . . . F . . . . " . . . . . . . . . y . . . . . . Z 1 . . . ? z . * K . . Y . V . C 3 J . _ C 1 . . . . M . _ . _
              Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 0c 96 22 2a a1 f9 6a 3a a5 a7 5f d6 68 08 f4 18 c1 f2 c1 ad 7e 3b 25 9e 7e a8 ad b0 a1 b5 cd ca 9c 88 e9 5f 86 bd 53 0d 26 fd 24 01 3e 84 3d 41 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 b0 f1 e2 00 00 00 5c 00 70 00 39 b3 83 9c 9c 10 f9 9b c7 11 d3 8f 5d 43 dd 1a 7c 67 8c 05 53 3d d0 97 b3 94
              General
              Stream Path:_VBA_PROJECT_CUR/PROJECT
              CLSID:
              File Type:ASCII text, with CRLF line terminators
              Stream Size:517
              Entropy:5.22331819792307
              Base64 Encoded:True
              Data ASCII:I D = " { 4 0 A 3 7 9 4 A - 6 2 D 4 - 4 9 F 2 - 8 6 1 E - B F F 3 8 6 B 5 0 5 1 C } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " B 1 B 3 6 0 8 0 6 4 8 0 6 4 8 0 6
              Data Raw:49 44 3d 22 7b 34 30 41 33 37 39 34 41 2d 36 32 44 34 2d 34 39 46 32 2d 38 36 31 45 2d 42 46 46 33 38 36 42 35 30 35 31 43 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
              General
              Stream Path:_VBA_PROJECT_CUR/PROJECTwm
              CLSID:
              File Type:data
              Stream Size:104
              Entropy:3.0488640812019017
              Base64 Encoded:False
              Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
              Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
              General
              Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
              CLSID:
              File Type:data
              Stream Size:2644
              Entropy:3.9805586022967634
              Base64 Encoded:False
              Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
              Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
              General
              Stream Path:_VBA_PROJECT_CUR/VBA/dir
              CLSID:
              File Type:data
              Stream Size:553
              Entropy:6.3664341854159625
              Base64 Encoded:True
              Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 9 . j . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2
              Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 ee 39 04 6a 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47


              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
              2025-04-02T09:00:39.455612+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49729 | 13.107.246.40 | 443 | TCP
              2025-04-02T09:00:47.726914+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 13.107.246.40 | 443 | TCP
              2025-04-02T09:00:47.731645+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 13.107.246.40 | 443 | TCP
              • Total Packets: 199
              • 443 (HTTPS)
              • 53 (DNS)
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Apr 2, 2025 09:00:41.542898893 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.542922974 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.543014050 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.543030977 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.543183088 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.674082994 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.674107075 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.674190044 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.674196005 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.674213886 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.674237967 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.674252987 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.674290895 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.674303055 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.674324036 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.674387932 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.674397945 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.674669981 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.675059080 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.675080061 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.675122976 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.675136089 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.675151110 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.675170898 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.722085953 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.722115993 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.722173929 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.722196102 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.722230911 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.722242117 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.766336918 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.766359091 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.766449928 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.766470909 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.766669989 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.819315910 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.819339037 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.819451094 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.819477081 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.821376085 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.861505032 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.861526966 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.861612082 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.861635923 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.863737106 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.909514904 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.909554005 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.909584045 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.909605026 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.909624100 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.909643888 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.951719999 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.951771975 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.951833963 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:41.951855898 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:41.951913118 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.000468969 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.000509977 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.000561953 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.000590086 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.000607967 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.001240015 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.037040949 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.037064075 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.037152052 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.037175894 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.037508011 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.077279091 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.077301025 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.077347994 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.077369928 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.077387094 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.077423096 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.124032974 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.124058962 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.124102116 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.124124050 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.124140978 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.124171019 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.155426025 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.155451059 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.155494928 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.155517101 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.155534983 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.155632973 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.200876951 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.200901985 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.200942039 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.200964928 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.200983047 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.201004028 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.235341072 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.235363960 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.235404015 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.235425949 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.235441923 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.235457897 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.277848959 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.277874947 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.277916908 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.277935982 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.277954102 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.277971029 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.322227955 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.322251081 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.322926998 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.322926998 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.322947979 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.322993040 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.357904911 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.357925892 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.357984066 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.358002901 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.358031988 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.358048916 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.402203083 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.402230024 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.402280092 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.402301073 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.402317047 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.402335882 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.434741974 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.434799910 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.434818029 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.434838057 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.434864998 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.434880972 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.475104094 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.475132942 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.475178957 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.475199938 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.475215912 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.475236893 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.514435053 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.514466047 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.514519930 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.514540911 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.514569044 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.514586926 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.549978018 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.550005913 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.550054073 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.550075054 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.550096035 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.550112009 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.596533060 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.596554995 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.596622944 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.596643925 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.596671104 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.596693039 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.628766060 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.628789902 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.628859997 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.628879070 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.628900051 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.628916025 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.664051056 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.664074898 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.664165020 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.664182901 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.664268970 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.708233118 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.708272934 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.708331108 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.708353996 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.708380938 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.708396912 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.739595890 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.739619017 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.739703894 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.739726067 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.739768982 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.784277916 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.784300089 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.784356117 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.784377098 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.784395933 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.784416914 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.816138983 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.816159964 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.816230059 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.816250086 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.816278934 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.816910982 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.853430033 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.853451967 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.853491068 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.853512049 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.853530884 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.853549957 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.897433043 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.897454023 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.897526026 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.897555113 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.897571087 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.897767067 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.928711891 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.928735018 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.928807974 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.928831100 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.928844929 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.928965092 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.973792076 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.973813057 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.973855019 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.973875999 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:42.973891973 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:42.974170923 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.005805016 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.005829096 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.005862951 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.005881071 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.005894899 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.005947113 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.039280891 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.039303064 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.039372921 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.039402008 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.039417982 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.039437056 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.081068039 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.081091881 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.081141949 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.081176996 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.081196070 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.081219912 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.081228018 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.081269026 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.081465960 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.081485033 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:43.081496954 CEST49729443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:43.081502914 CEST4434972913.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.447171926 CEST49730443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.447240114 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.447554111 CEST49730443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.449047089 CEST49731443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.449106932 CEST4434973113.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.449359894 CEST49730443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.449371099 CEST49731443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.449378014 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.449506998 CEST49731443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.449522018 CEST4434973113.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.725908995 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.726913929 CEST49730443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.726937056 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.727235079 CEST49730443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.727247953 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.731184006 CEST4434973113.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.731645107 CEST49731443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.731664896 CEST4434973113.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.732419968 CEST49731443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.732424974 CEST4434973113.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.955704927 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.955761909 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.955811024 CEST49730443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.955826044 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.955883980 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:47.955925941 CEST49730443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.959449053 CEST49730443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:47.959470987 CEST4434973013.107.246.40192.168.2.4
              Apr 2, 2025 09:00:48.220447063 CEST4434973113.107.246.40192.168.2.4
              Apr 2, 2025 09:00:48.220535040 CEST4434973113.107.246.40192.168.2.4
              Apr 2, 2025 09:00:48.220597982 CEST49731443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:48.221060991 CEST49731443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:48.221086025 CEST4434973113.107.246.40192.168.2.4
              Apr 2, 2025 09:00:48.221098900 CEST49731443192.168.2.413.107.246.40
              Apr 2, 2025 09:00:48.221103907 CEST4434973113.107.246.40192.168.2.4
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Apr 2, 2025 09:00:39.056611061 CEST | 52199 | 53 | 192.168.2.4 | 1.1.1.1
              Apr 2, 2025 09:00:39.159657955 CEST | 53 | 52199 | 1.1.1.1 | 192.168.2.4
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Apr 2, 2025 09:00:39.056611061 CEST | 192.168.2.4 | 1.1.1.1 | 0xf430 | Standard query (0) | otelrules.svc.static.microsoft | A (IP address) | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Apr 2, 2025 08:59:34.794379950 CEST | 1.1.1.1 | 192.168.2.4 | 0xb6ba | No error (0) | ecs-office.s-0005.dual-s-msedge.net | s-0005.dual-s-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 2, 2025 08:59:34.794379950 CEST | 1.1.1.1 | 192.168.2.4 | 0xb6ba | No error (0) | s-0005.dual-s-msedge.net | | 52.123.128.14 | A (IP address) | IN (0x0001) | false
              Apr 2, 2025 08:59:34.794379950 CEST | 1.1.1.1 | 192.168.2.4 | 0xb6ba | No error (0) | s-0005.dual-s-msedge.net | | 52.123.129.14 | A (IP address) | IN (0x0001) | false
              Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | otelrules.svc.static.microsoft | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | star-azurefd-prod.trafficmanager.net | shed.dual-low.s-part-0012.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | s-part-0012.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | s-part-0012.t-0009.t-msedge.net | | 13.107.246.40 | A (IP address) | IN (0x0001) | false
              • otelrules.svc.static.microsoft
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.4 | 49729 | 13.107.246.40 | 443 | 7900 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Timestamp | Bytes transferred | Direction | Data
              2025-04-02 07:00:39 UTC | 226 | OUT | GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
              Connection: Keep-Alive
              Accept-Encoding: gzip
              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
              Host: otelrules.svc.static.microsoft
              2025-04-02 07:00:39 UTC | 493 | IN | HTTP/1.1 200 OK
              Date: Wed, 02 Apr 2025 07:00:39 GMT
              Content-Type: text/plain
              Content-Length: 1114783
              Connection: close
              Vary: Accept-Encoding
              Cache-Control: public
              Last-Modified: Tue, 01 Apr 2025 23:06:39 GMT
              ETag: "0x8DD7171DC6436CE"
              x-ms-request-id: db8abcff-901e-0064-1b71-a3e8a6000000
              x-ms-version: 2018-03-28
              x-azure-ref: 20250402T070039Z-17cccd5449b6vb9jhC1EWRfnfg0000001500000000007f0x
              x-fd-int-roxy-purgeid: 0
              X-Cache: TCP_HIT
              X-Cache-Info: L1_T2
              Accept-Ranges: bytes
              2025-04-02 07:00:39 UTC | 15891 | IN
              Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
              2025-04-02 07:00:39 UTC | 16384 | IN
              Data Ascii: /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C T="U32
              2025-04-02 07:00:39 UTC | 16384 | IN
              Data Ascii: </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C T="I32
              2025-04-02 07:00:39 UTC | 16384 | IN
              Data Ascii: <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE"> <
              2025-04-02 07:00:39 UTC | 16384 | IN
              Data Ascii: I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C> <S T
              2025-04-02 07:00:40 UTC | 16384 | IN
              Data Ascii: coding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e23-0af9-
              2025-04-02 07:00:40 UTC | 16384 | IN
              Data Ascii: "TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S> <C T="U
              2025-04-02 07:00:40 UTC | 16384 | IN
              Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R> <V
              2025-04-02 07:00:40 UTC | 16384 | IN
              Data Ascii: <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownException">
              2025-04-02 07:00:40 UTC | 16384 | IN
              Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.4 | 49730 | 13.107.246.40 | 443 | 7900 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Timestamp | Bytes transferred | Direction | Data
              2025-04-02 07:00:47 UTC | 214 | OUT | GET /rules/rule120603v8s19.xml HTTP/1.1
              Connection: Keep-Alive
              Accept-Encoding: gzip
              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
              Host: otelrules.svc.static.microsoft
              2025-04-02 07:00:47 UTC | 515 | IN | HTTP/1.1 200 OK
              Date: Wed, 02 Apr 2025 07:00:47 GMT
              Content-Type: text/xml
              Content-Length: 2128
              Connection: close
              Vary: Accept-Encoding
              Cache-Control: public, max-age=604800, immutable
              Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
              ETag: "0x8DC582BA41F3C62"
              x-ms-request-id: a037e27a-d01e-0049-653b-a3e7dc000000
              x-ms-version: 2018-03-28
              x-azure-ref: 20250402T070047Z-17cccd5449bvj9xqhC1EWRh59s000000151g000000004070
              x-fd-int-roxy-purgeid: 0
              X-Cache: TCP_HIT
              X-Cache-Info: L1_T2
              Accept-Ranges: bytes
              2025-04-02 07:00:47 UTC | 2128 | IN
              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.4 | 49731 | 13.107.246.40 | 443 | 7900 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Timestamp | Bytes transferred | Direction | Data
              2025-04-02 07:00:47 UTC | 214 | OUT | GET /rules/rule120607v1s19.xml HTTP/1.1
              Connection: Keep-Alive
              Accept-Encoding: gzip
              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
              Host: otelrules.svc.static.microsoft
              2025-04-02 07:00:48 UTC | 491 | IN | HTTP/1.1 200 OK
              Date: Wed, 02 Apr 2025 07:00:48 GMT
              Content-Type: text/xml
              Content-Length: 204
              Connection: close
              Cache-Control: public, max-age=604800, immutable
              Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
              ETag: "0x8DC582BB6C8527A"
              x-ms-request-id: 1caeada9-601e-006f-6d9a-a3e43f000000
              x-ms-version: 2018-03-28
              x-azure-ref: 20250402T070047Z-17cccd5449b6vb9jhC1EWRfnfg000000151g000000003tvc
              x-fd-int-roxy-purgeid: 0
              X-Cache: TCP_HIT
              X-Cache-Info: L1_T2
              Accept-Ranges: bytes
              2025-04-02 07:00:48 UTC | 204 | IN
              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


              Target ID:0
              Start time:02:59:24
              Start date:02/04/2025
              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Wow64 process (32bit):true
              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
              Imagebase:0x40000
              File size:53'161'064 bytes
              MD5 hash:4A871771235598812032C822E6F68F19
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              Target ID:18
              Start time:03:00:40
              Start date:02/04/2025
              Path:C:\Windows\splwow64.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\splwow64.exe 12288
              Imagebase:0x7ff7f45b0000
              File size:163'840 bytes
              MD5 hash:77DE7761B037061C7C112FD3C5B91E73
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              Target ID:23
              Start time:03:00:51
              Start date:02/04/2025
              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Wow64 process (32bit):true
              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Inquiry-140-120.xla.xlsx"
              Imagebase:0x40000
              File size:53'161'064 bytes
              MD5 hash:4A871771235598812032C822E6F68F19
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              No disassembly