Edit tour

Windows Analysis Report
S6DgRF1SSD.xlsx

Overview

General Information

Sample name:	S6DgRF1SSD.xlsx renamed because original name is a hash value
Original sample name:	6bba78df2ac67668eb837a1593b6c1e3fc198fa4c1a4725a5d2370f8121c3a3b.xlsx
Analysis ID:	1543658
MD5:	334d7d30d9327e30d300d5ed3326d098
SHA1:	cdac6096bcc46f8ab2d668bba92d124beb7794d4
SHA256:	6bba78df2ac67668eb837a1593b6c1e3fc198fa4c1a4725a5d2370f8121c3a3b
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Document misses a certain OLE stream usually present in this Microsoft Office document type

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Sigma detected: Excel Network Connections

Sigma detected: Suspicious Office Outbound Connections

Unable to load, office file is protected or invalid

Yara signature match

Classification

Process Tree

System is w10x64_ra

EXCEL.EXE (PID: 6672 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\S6DgRF1SSD.xlsx" MD5: 4A871771235598812032C822E6F68F19)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
sheet1.xml	INDICATOR_XML_LegacyDrawing_AutoLoad_Document	detects AutoLoad documents using LegacyDrawing	ditekSHen	0xd94aa:$s1: <legacyDrawing r:id=" 0xd94d2:$s2: <oleObject progId=" 0xd9519:$s3: autoLoad="true"

Sigma Signatures

System Summary

Sigma detected: Excel Network Connections

Source: Network Connection

Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 13.107.246.45, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6672, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49715

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49715, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6672, Protocol: tcp, SourceIp: 13.107.246.45, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: S6DgRF1SSD.xlsx

Avira: detected

Multi AV Scanner detection for submitted file

Source: S6DgRF1SSD.xlsx

ReversingLabs: Detection: 65%

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.16:49715 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443

Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49715 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49715
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.45:443
Source: global traffic	TCP traffic: 13.107.246.45:443 -> 192.168.2.16:49716

Source: Joe Sandbox View

IP Address: 13.107.246.45 13.107.246.45

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.16:49715 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: sheet1.xml, type: SAMPLE

Matched rule: detects AutoLoad documents using LegacyDrawing Author: ditekSHen

Source: S6DgRF1SSD.xlsx

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Window title found: microsoft excel okexcel cannot open the file 's6dgrf1ssd.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.

Source: sheet1.xml, type: SAMPLE

Matched rule: INDICATOR_XML_LegacyDrawing_AutoLoad_Document author = ditekSHen, description = detects AutoLoad documents using LegacyDrawing

Source: classification engine

Classification label: mal64.winXLSX@1/1@0/1

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\Desktop\~$S6DgRF1SSD.xlsx

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{6FAA909A-96D9-4102-ABE2-01CECCE0A980} - OProcSessId.dat

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: S6DgRF1SSD.xlsx

ReversingLabs: Detection: 65%

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: S6DgRF1SSD.xlsx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Exploitation for Client Execution	Path Interception	Path Interception	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
S6DgRF1SSD.xlsx	66%	ReversingLabs	Document-Office.Exploit.CVE-2017-11882
S6DgRF1SSD.xlsx	100%	Avira	EXP/CVE-2017-11882.Gen

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1543658
Start date and time:	2024-10-28 08:08:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	S6DgRF1SSD.xlsx renamed because original name is a hash value
Original Sample Name:	6bba78df2ac67668eb837a1593b6c1e3fc198fa4c1a4725a5d2370f8121c3a3b.xlsx
Detection:	MAL
Classification:	mal64.winXLSX@1/1@0/1
Cookbook Comments:	Found application associated with file extension: .xlsx

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.109.76.243, 184.28.90.27, 52.113.194.132, 13.89.179.8, 20.42.73.28
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, neu-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, onedscolprdcus06.centralus.cloudapp.azure.com, azureedge-t-prod.trafficmanager.net, onedscolprdeus15.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net, europe.configsvc1.live.c
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: S6DgRF1SSD.xlsx

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	file.exe	Get hash	malicious	Stealc, Vidar	Browse	13.107.246.45
	SecuriteInfo.com.W64.Trojan.GKA.gen.Eldorado.28037.23063.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	SecuriteInfo.com.Trojan.MulDrop28.30792.12555.31478.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	SecuriteInfo.com.Win64.MalwareX-gen.31244.2279.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	Reminder.exe	Get hash	malicious	Amadey	Browse	13.107.246.45
	SecuriteInfo.com.Variant.Giant.Cerbu.75.14856.25265.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	1730040844c315465b42549fc945fcc365e3b38ee79e6f8426df216ee7746112fae780918c772.dat-decoded.exe	Get hash	malicious	AsyncRAT	Browse	13.107.246.45
	1730036586ac45c02678cfb051f46a3829e59a655739bcebbb1e2d27474e330fbc4c2b3a3d596.dat-decoded.dll	Get hash	malicious	Unknown	Browse	13.107.246.45
	1730032629d03288421fce5e7d9e6026f5a967d50c541a02112bcbceaac1a2fa9677728cde553.dat-decoded.exe	Get hash	malicious	Blackshades	Browse	13.107.246.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	splmpsl.elf	Get hash	malicious	Unknown	Browse	40.122.4.22
	nklarm5.elf	Get hash	malicious	Unknown	Browse	22.128.237.7
	jklmips.elf	Get hash	malicious	Unknown	Browse	52.177.73.48
	nabarm7.elf	Get hash	malicious	Unknown	Browse	52.106.234.75
	splarm7.elf	Get hash	malicious	Unknown	Browse	21.120.144.237
	nabppc.elf	Get hash	malicious	Unknown	Browse	20.212.244.102
	splarm.elf	Get hash	malicious	Unknown	Browse	22.118.115.129
	splarm5.elf	Get hash	malicious	Unknown	Browse	40.64.250.180
	splmips.elf	Get hash	malicious	Unknown	Browse	20.25.67.143
	splspc.elf	Get hash	malicious	Unknown	Browse	22.82.225.127

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.3520167401771568
Encrypted:	false
SSDEEP:	3:8Nultln:X1n
MD5:	9AC4D67F6E514F452D4A1DB79CE3B2E8
SHA1:	33F8C665ECBB81275D2E49D48F2565A58A282043
SHA-256:	407E1D871964C93DBDBD4D00613CD0A9E30D3ED6352D8052C58E7A252D52FC5A
SHA-512:	018D0F54AB0AB01F27E9FB870A128F2F581A58487399DD7FB56A94EC4AAEC6874708A5AD5650F362485E45E2C6A557ED08524C5B8335F83F240E0962281A0F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	.user ..c.a.l.i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General

File type:	Microsoft Excel 2007+
Entropy (8bit):	7.982401310884206
TrID:	Excel Microsoft Office Open XML Format document (35004/1) 81.40% ZIP compressed archive (8000/1) 18.60%
File name:	S6DgRF1SSD.xlsx
File size:	779'181 bytes
MD5:	334d7d30d9327e30d300d5ed3326d098
SHA1:	cdac6096bcc46f8ab2d668bba92d124beb7794d4
SHA256:	6bba78df2ac67668eb837a1593b6c1e3fc198fa4c1a4725a5d2370f8121c3a3b
SHA512:	29a51f19d8c22b48f977b3e038ca5c82021adcbd7c59f9b44908e58410c872a3593439810de77b7cb821d1bd4d7d98276f8fc533e505b15c37af8e3ff6a237d2
SSDEEP:	12288:jHUhf6WgiHmPhTCS/nNM9xH6+NKoQ/yj2JglKY+9G+d4BYDWpw44h7j:jHUhfsacya+MoVVKr9GaFDh
TLSH:	54F402057068E9B5B3AEC1A94E44BD222BC380057C0B005E2FF7FB476AD97968F5D92D
File Content Preview:	PK.........@XY.\|{7............[Content_Types].xmlUT......g...g...g.T.n.0....?..."......C....A..."..k.@n.......(`..}.@P3.;;..r.]..\l......0.hlX6.....*.B......[,......i..T.....Q..T..z(2&.\|.....6/U...%......c .TS.!.fs. [..=d...:j..1....d>Q...{.F@J.j .\...G..

File Icon


Icon Hash:	35e58a8c0c8a85b9

Static OLE Info

General

Document Type:	OpenXML
Number of OLE Files:	1

OLE File "S6DgRF1SSD.xlsx"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	False

Summary

Author:	Jose Suarez
Last Saved By:	HP
Create Time:	2024-09-30T12:55:35Z
Last Saved Time:	2024-10-01T18:04:35Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary

Thumbnail Scaling Desired:	false
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	12.0000

Streams

Stream Path: \x1Ole10NATIvE, File Type: data, Stream Size: 934659

General
Stream Path:	\x1Ole10NATIvE
CLSID:
File Type:	data
Stream Size:	934659
Entropy:	5.994528560105819
Base64 Encoded:	False
Data ASCII:	S . . } ) K . p . . . z . . M . . G % g V H . S . # c - b # c . E . o 2 . . ! 0 : . 6 . c C L H F . ! . i . O . @ K J d . ' g ) } . . > + . 7 Z . ( 1 y . m y ( z l . . . . . b % = ; V . l . Y a . b 9 , [ . K . " @ o . W . l ' . . . } 2 : d U L T . C [ . a : . . ? " @ q I { 7 q F Q d c - N + F G n , . Q . ] + m I B . . . = o \| . L . . } ? e 8 m . K " 3 . U . 1 I i $ P . 9 X P . \\ . ? F J S . 7 = 5 . . m B = Y , u v . N m R . M l < , @ S 0 P W . $ . . . . c 6 3 ^ . x . 7 3 f j X $ . [ j ] . . x e 1 8 . M P
Data Raw:	53 c1 e3 00 02 7d 29 4b 03 70 01 08 1e 8c bd df e9 b1 7a 81 c5 94 d3 93 85 8b 4d c9 8b 19 b8 bb e7 47 a2 25 b4 67 56 48 8b 10 53 ff d2 05 ee 23 ea 63 2d 62 23 ea 63 ff e0 96 fc 10 45 00 c0 e1 df 6f 32 b2 1e c7 bb 91 e5 98 21 bc 30 9f 3a 82 f9 07 36 ea 09 63 43 4c 48 46 85 01 21 12 69 c4 c2 1f 4f d5 1a 40 a1 fc 9d bd 4b 4a fc 64 1e 27 67 29 9a 7d 1a 07 3e 2b ad 16 37 5a 80 a1 18 28

Stream Path: ubwgReBzZL5dui7PBNwgJN3, File Type: empty, Stream Size: 0

General
Stream Path:	ubwgReBzZL5dui7PBNwgJN3
CLSID:
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 08:09:56.087928057 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:56.087984085 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:56.088104963 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:56.091006041 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:56.091023922 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:56.839994907 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:56.840168953 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:56.842391014 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:56.842411041 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:56.842781067 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:56.844381094 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:56.891350031 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.468267918 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.468306065 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.468355894 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.468465090 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.468508005 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.468530893 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.468571901 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.585941076 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.585978031 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.586112976 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.586164951 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.586216927 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.703681946 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.703711033 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.703824997 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.703860998 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.703908920 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.820188999 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.820219994 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.820405006 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.820472956 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.820549011 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.937053919 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.937084913 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.937236071 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:57.937277079 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:57.937371969 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.054114103 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.054152012 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.054336071 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.054403067 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.054474115 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.170603991 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.170681000 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.170891047 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.170953989 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.171066046 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.212629080 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.212697983 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.212861061 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.212932110 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.212955952 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.212992907 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.329278946 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.329366922 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.329471111 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.329511881 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.329539061 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.329580069 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.407865047 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.407895088 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.408118963 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.408152103 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.408252001 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.522597075 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.522629023 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.522828102 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.522864103 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.522955894 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.566076994 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.566107988 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.566268921 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.566302061 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.566401005 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.682300091 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.682327032 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.682596922 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.682647943 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.682730913 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.757046938 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.757112026 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.757230043 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.757263899 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.757296085 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.757343054 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.879832983 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.879903078 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.880052090 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.880093098 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.880108118 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.880146980 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.919037104 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.919060946 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.919224024 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.919245958 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.919322968 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.997195005 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.997216940 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.997416019 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:58.997438908 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:58.997503996 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.034764051 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.034787893 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.034945011 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.034975052 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.035059929 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.150199890 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.150223970 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.150363922 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.150377989 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.150475025 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.153192997 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.153209925 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.153280973 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.153286934 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.153357029 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.267908096 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.267930031 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.268048048 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.268068075 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.268116951 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.340873003 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.340924025 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.341037989 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.341049910 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.341085911 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.385283947 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.385313988 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.385452032 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.385468006 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.385539055 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.464399099 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.464436054 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.464616060 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.464624882 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.464692116 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.502815008 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.502909899 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.502989054 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.502999067 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.503087044 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.581701040 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.581736088 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.581847906 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.581856966 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.581924915 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.619265079 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.619306087 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.619376898 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.619384050 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.619431019 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.619450092 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.692711115 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.692787886 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.692936897 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.692969084 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.692990065 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.693022013 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.736924887 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.736967087 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.737257004 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.737289906 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.737430096 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.776807070 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.776849985 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.777115107 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:09:59.777153969 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:09:59.777245045 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.017465115 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.017501116 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.017554998 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.017673016 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.017762899 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.017802954 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.017838001 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.020153999 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.020205975 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.020265102 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.020279884 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.020308018 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.020431995 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.022655964 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.022682905 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.022793055 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.022793055 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.022809982 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.022871971 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.024523973 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.024559021 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.024611950 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.024624109 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.024669886 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.024694920 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.046720982 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.046746016 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.046858072 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.046869993 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.046966076 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.087955952 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.088025093 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.088157892 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.088172913 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.088191032 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.088253975 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.090233088 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.090257883 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.090365887 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.090374947 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.090466976 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.346666098 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.346683025 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.346729040 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.346776009 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.346806049 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.346824884 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.346849918 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.349031925 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.349055052 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.349136114 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.349154949 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.349174976 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.349201918 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.351416111 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.351435900 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.351505995 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.351525068 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.351577997 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.561950922 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.561969042 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.562020063 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.562134981 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.562200069 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.562324047 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.562324047 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.566939116 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.566971064 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.567054033 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.567074060 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.567147970 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.569747925 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.569777012 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.569855928 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.569871902 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.569936037 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.572580099 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.572607040 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.572705984 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.572720051 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.572786093 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.574517965 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.574543953 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.574621916 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.574647903 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.574677944 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.574697018 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.576102018 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.576127052 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.576205969 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.576221943 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.576294899 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.577908993 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.577931881 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.578027010 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.578041077 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.578108072 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.578836918 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.578861952 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.578953028 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.578965902 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.579030991 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.630255938 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.630296946 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.630460024 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.630491018 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.630646944 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.673639059 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.673672915 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.673882008 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.673950911 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.674024105 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.674611092 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.674634933 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.674685955 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.674701929 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.674735069 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.674757004 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.747550964 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.747582912 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.747927904 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.748023033 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.748105049 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.790385008 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.790447950 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.790740967 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.790824890 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.790920973 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.791877031 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.791919947 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.791969061 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.791997910 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.792032003 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.792073965 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.830828905 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.830863953 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.831054926 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.831093073 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.831177950 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.907119036 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.907181978 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.907329082 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.907385111 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.907545090 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.907545090 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.908272028 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.908318996 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.908375978 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.908385038 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.908438921 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.909919977 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.909965992 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.910008907 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.910024881 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.910041094 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.910084009 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.982584953 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.982620955 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.982876062 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:00.982908010 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:00.983002901 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.024475098 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.024506092 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.024674892 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.024758101 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.024936914 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.025670052 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.025698900 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.025774956 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.025804996 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.025887012 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.026746035 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.026772022 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.026834965 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.026853085 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.026882887 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.026937962 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.101783991 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.101864100 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.101986885 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.102061033 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.102128983 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.102154970 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.142930984 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.142985106 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.143263102 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.143346071 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.143456936 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.144332886 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.144380093 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.144438982 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.144454956 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.144486904 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.144517899 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.216346979 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.216382027 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.216502905 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.216541052 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.216619015 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.217777014 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.217797995 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.217873096 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.217880964 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.217941046 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.259113073 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.259207964 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.259269953 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.259294987 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.259368896 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.259623051 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.259646893 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:01.259670973 CET	49715	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:01.259677887 CET	443	49715	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:04.334498882 CET	49716	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:04.334526062 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:04.334624052 CET	49716	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:04.334918976 CET	49716	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:04.334932089 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:05.087027073 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:05.087701082 CET	49716	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:05.087728024 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:05.088494062 CET	49716	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:05.088499069 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:05.351665974 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:05.351721048 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:05.351821899 CET	49716	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:05.351835966 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:05.351866961 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:05.351927996 CET	49716	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:05.352224112 CET	49716	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:05.352236986 CET	443	49716	13.107.246.45	192.168.2.16
Oct 28, 2024 08:10:05.352257013 CET	49716	443	192.168.2.16	13.107.246.45
Oct 28, 2024 08:10:05.352262974 CET	443	49716	13.107.246.45	192.168.2.16

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 28, 2024 08:09:56.083784103 CET	1.1.1.1	192.168.2.16	0xa7a	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 08:09:56.083784103 CET	1.1.1.1	192.168.2.16	0xa7a	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49715	13.107.246.45	443	6672	C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Timestamp	Bytes transferred	Direction	Data
2024-10-28 07:09:56 UTC	219	OUT	GET /rules/excel.exe-Production-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-28 07:09:57 UTC	542	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 07:09:57 GMT Content-Type: text/plain Content-Length: 1112556 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Sun, 27 Oct 2024 10:35:44 GMT ETag: "0x8DCF6731CE408D3" x-ms-request-id: a808c8f2-d01e-0082-7208-29e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241028T070956Z-17c5cb586f626sn8grcgm1gf80000000036g000000003z7t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-28 07:09:57 UTC	15842	IN	Data Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35 Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
2024-10-28 07:09:57 UTC	16384	IN	Data Raw: 22 20 46 3d 22 41 75 74 68 6f 72 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 Data Ascii: " F="AuthorCount" /> </C> <T> <S T="1" /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"
2024-10-28 07:09:57 UTC	16384	IN	Data Raw: 20 20 3c 41 20 54 3d 22 53 55 4d 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 41 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a Data Ascii: <A T="SUM"> <S T="1" F="11" /> </A> </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" />
2024-10-28 07:09:57 UTC	16384	IN	Data Raw: 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d Data Ascii: </O> </F> <F T="6"> <O T="AND"> <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L>
2024-10-28 07:09:57 UTC	16384	IN	Data Raw: 20 20 20 20 20 3c 53 20 54 3d 22 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f Data Ascii: <S T="25" /> </C> </C> <C T="U32" I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O
2024-10-28 07:09:58 UTC	16384	IN	Data Raw: 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 39 30 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d Data Ascii: </T></R><$!#>10907v0+<?xml version="1.0" encoding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns="">
2024-10-28 07:09:58 UTC	16384	IN	Data Raw: 20 3c 53 3e 0d 0a 20 20 20 20 3c 54 49 20 54 3d 22 31 22 20 49 3d 22 44 61 69 6c 79 22 20 2f 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 Data Ascii: <S> <TI T="1" I="Daily" /> <A T="2" E="TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" />
2024-10-28 07:09:58 UTC	16384	IN	Data Raw: 6b 30 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 Data Ascii: k0m" /> <F T="6"> <O T="EQ"> <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="t
2024-10-28 07:09:58 UTC	16384	IN	Data Raw: 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: 4" T="U32" /> </R> </O> </F> <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="
2024-10-28 07:09:58 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 Data Ascii: <O T="EQ"> <L> <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49716	13.107.246.45	443	6672	C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Timestamp	Bytes transferred	Direction	Data
2024-10-28 07:10:05 UTC	207	OUT	GET /rules/rule120603v8s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-28 07:10:05 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 07:10:05 GMT Content-Type: text/xml Content-Length: 2128 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA41F3C62" x-ms-request-id: 84a1d713-001e-00a2-4ba7-26d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241028T071005Z-16849878b78qfbkc5yywmsbg0c000000047g00000000he7n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-28 07:10:05 UTC	2128	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=

Target ID:	1
Start time:	03:08:45
Start date:	28/10/2024
Path:	C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\S6DgRF1SSD.xlsx"
Imagebase:	0xde0000
File size:	53'161'064 bytes
MD5 hash:	4A871771235598812032C822E6F68F19
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report S6DgRF1SSD.xlsx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Desktop\~$S6DgRF1SSD.xlsx

Static File Info

General

File Icon

Static OLE Info

General

OLE File "S6DgRF1SSD.xlsx"

Indicators

Summary

Document Summary

Streams

Stream Path: \x1Ole10NATIvE, File Type: data, Stream Size: 934659

General

Stream Path: ubwgReBzZL5dui7PBNwgJN3, File Type: empty, Stream Size: 0

General

Network Behavior

Network Port Distribution

TCP Packets

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Windows Analysis Report
S6DgRF1SSD.xlsx