Windows Analysis Report
RFQ-JC25-#595837.xlsx

Overview

General Information

Sample name: RFQ-JC25-#595837.xlsx
Analysis ID: 1632410
MD5: e92602e233cac292e95c00b067798b20
SHA1: 1d51d0475c9d9185262980dab24f5a9ee421df07
SHA256: 7cd01a88aae5857a8ac654397e089f8d67c4a3695e27568c02b252078765786d
Tags: xlsx, user-TomU

Detection

Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Yara signature match

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious]
  • System is w10x64
  • EXCEL.EXE (PID: 8484 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 6644 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • cleanup
No configs have been found
Source: sheet1.xml
Rule: INDICATOR_XML_LegacyDrawing_AutoLoad_Document
Description: detects AutoLoad documents using LegacyDrawing
Author: ditekSHen
Strings:
  • 0x1bb:$s1: <legacyDrawing r:id="
  • 0x1e3:$s2: <oleObject progId="
  • 0x232:$s3: autoLoad="true"

System Summary

Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton, Data: DestinationIp: 13.107.246.60, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 8484, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49705
Source: Network Connection, Author: X__Junior (Nextron Systems), Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49705, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 8484, Protocol: tcp, SourceIp: 13.107.246.60, SourceIsIpv6: false, SourcePort: 443
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-07T23:30:40.082029+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49705 | 13.107.246.60 | 443 | TCP
2025-03-07T23:30:47.345253+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 13.107.246.60 | 443 | TCP
2025-03-07T23:30:47.370624+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 13.107.246.60 | 443 | TCP

AV Detection

Source: RFQ-JC25-#595837.xlsx, Avira: detected
Source: RFQ-JC25-#595837.xlsx, ReversingLabs: Detection: 68%
Source: RFQ-JC25-#595837.xlsx, Virustotal: Detection: 54%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: global traffic, DNS query: name: otelrules.svc.static.microsoft
Source: global traffic, TCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global traffic, TCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global traffic, TCP traffic: 192.168.2.5:49707 -> 13.107.246.60:443
Source: global traffic, TCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.5:49705 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49705
Source: global trafficTCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 192.168.2.5:49707 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49707
Source: global trafficTCP traffic: 192.168.2.5:49707 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.5:49707 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49707
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49707
Source: global trafficTCP traffic: 192.168.2.5:49707 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49707
Source: global trafficTCP traffic: 192.168.2.5:49707 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49707
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49706
Source: global trafficTCP traffic: 192.168.2.5:49706 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49707
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49707
Source: global trafficTCP traffic: 192.168.2.5:49707 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.5:49707 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49707
Source: global trafficTCP traffic: 192.168.2.5:49707 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.5:49707
[Source: excel.exe] Memory has grown: Private usage: 2MB later: 168MB
[Source: Joe Sandbox View] IP Address: 13.107.246.60 13.107.246.60
[Source: Joe Sandbox View] JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
[Source: Network traffic] Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 13.107.246.60:443
[Source: Network traffic] Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 13.107.246.60:443
[Source: Network traffic] Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 13.107.246.60:443
[Source: unknown] UDP traffic detected without corresponding DNS query: 1.1.1.1
[Source: global traffic] HTTP traffic detected:
  GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
  Connection: Keep-Alive
  Accept-Encoding: gzip
  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
  Host: otelrules.svc.static.microsoft
[Source: global traffic] HTTP traffic detected:
  GET /rules/rule120603v8s19.xml HTTP/1.1
  Connection: Keep-Alive
  Accept-Encoding: gzip
  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
  Host: otelrules.svc.static.microsoft
[Source: global traffic] HTTP traffic detected:
  GET /rules/rule120607v1s19.xml HTTP/1.1
  Connection: Keep-Alive
  Accept-Encoding: gzip
  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
  Host: otelrules.svc.static.microsoft
[Source: global traffic] DNS traffic detected: DNS query: otelrules.svc.static.microsoft
[Source: unknown] Network traffic detected: HTTP traffic on port 49706 -> 443
[Source: unknown] Network traffic detected: HTTP traffic on port 49707 -> 443
[Source: unknown] Network traffic detected: HTTP traffic on port 49705 -> 443
[Source: unknown] Network traffic detected: HTTP traffic on port 443 -> 49707
[Source: unknown] Network traffic detected: HTTP traffic on port 443 -> 49706
[Source: unknown] Network traffic detected: HTTP traffic on port 443 -> 49705
[Source: unknown] HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49705 version: TLS 1.2

System Summary

[Source: sheet1.xml, type: SAMPLE] Matched rule: detects AutoLoad documents using LegacyDrawing Author: ditekSHen
[Source: sheet1.xml, type: SAMPLE] Matched rule: INDICATOR_XML_LegacyDrawing_AutoLoad_Document author = ditekSHen, description = detects AutoLoad documents using LegacyDrawing
[Source: classification engine] Classification label: mal64.winXLSX@3/2@1/1
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] File created: C:\Users\user\Desktop\~$RFQ-JC25-#595837.xlsx
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] File created: C:\Users\user\AppData\Local\Temp\{A82AF4E7-DFBB-47BD-83B5-679427E41332} - OProcSessId.dat
[Source: RFQ-JC25-#595837.xlsx] OLE indicator, Workbook stream: true
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] File read: C:\Users\desktop.ini
[Source: RFQ-JC25-#595837.xlsx] ReversingLabs: Detection: 68%
[Source: RFQ-JC25-#595837.xlsx] Virustotal: Detection: 54%
[Source: unknown] Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88d96a0f-f192-11d4-a65f-0040963251e5}\InProcServer32
[Source: Window Recorder] Window detected: More than 3 window changes detected
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
[Source: RFQ-JC25-#595837.xlsx] Static file information: File size 1936045 > 1048576
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
[Source: RFQ-JC25-#595837.xlsx] Initial sample: OLE indicators vbamacros = False
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] Process information set: NOOPENFILEERRORBOX
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
[Source: C:\Windows\splwow64.exe] Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
[Source: C:\Windows\splwow64.exe] Window / User API: threadDelayed 960
[Source: C:\Windows\splwow64.exe] Last function: Thread delayed
[Source: C:\Windows\splwow64.exe] Thread delayed: delay time: 120000
[Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE] Process information queried: ProcessInformation
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution
Path Interception1
Process Injection
2
Masquerading
OS Credential Dumping1
Process Discovery
Remote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Extra Window Memory Injection
1
Virtualization/Sandbox Evasion
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection
Security Account Manager1
Application Window Discovery
SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Extra Window Memory Injection
NTDS1
File and Directory Discovery
Distributed Component Object ModelInput Capture3
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
System Information Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Behavior Graph (ID: 1632410, Sample: RFQ-JC25-#595837.xlsx, Start date: 07/03/2025, Architecture: WINDOWS, Score: 64)
DNS/IP: star-azurefd-prod.trafficmanager.net; shed.dual-low.s-part-0032.t-0009.t-msedge.net; 3 other IPs or domains
Signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file
Process: EXCEL.EXE (started)
  DNS/IP: s-part-0032.t-0009.t-msedge.net, 13.107.246.60, 443, 49705, 49706, MICROSOFT-CORP-MSN-AS-BLOCK US, United States
  Dropped file: C:\Users\user\...\~$RFQ-JC25-#595837.xlsx, data
  Process: splwow64.exe (started)

Source | Detection | Scanner | Label | Link
RFQ-JC25-#595837.xlsx | 68% | ReversingLabs | Document-Office.Exploit.CVE-2017-11882 |
RFQ-JC25-#595837.xlsx | 55% | Virustotal | | Browse
RFQ-JC25-#595837.xlsx | 100% | Avira | EXP/CVE-2017-11882.Gen |
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | | high
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | high
otelrules.svc.static.microsoft | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundle | false | | high
https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xml | false | | high
https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xml | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCK US | false
              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1632410
              Start date and time:2025-03-07 23:28:25 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 4m 43s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsofficecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:13
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:RFQ-JC25-#595837.xlsx
              Detection:MAL
              Classification:mal64.winXLSX@3/2@1/1
              Cookbook Comments:
              • Found application associated with file extension: .xlsx
              • Found Word or Excel or PowerPoint or XPS Viewer
              • Attach to Office via COM
              • Active ActiveX Object
              • Scroll down
              • Close Viewer
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 52.109.89.18, 23.60.203.209, 52.109.76.243, 51.116.253.168, 52.123.128.14, 20.190.160.20, 150.171.28.10
              • Excluded domains from analysis (whitelisted): g.bing.com, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, onedscolprdgwc01.germanywestcentral.cloudapp.azure.com, neu-azsc-000.roaming.officeapps.live.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, prod.roaming1.live.com.akadns.net, c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, config.officeapps.live.com, e16604.f.akamaiedge.net, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
              • Not all processes were analyzed, report is missing behavior information
              • Report size getting too big, too many NtCreateKey calls found.
              • Report size getting too big, too many NtQueryAttributesFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtReadVirtualMemory calls found.
              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
              Time | Type | Description
              17:30:36 | API Interceptor | 986x Sleep call for process: splwow64.exe modified
              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
              13.107.246.60 | https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1v | Get hash | malicious | Unknown | Browse | www.mimecast.com/Customers/Support/Contact-support/
               | http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5 | Get hash | malicious | Unknown | Browse | wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5
              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
              s-part-0032.t-0009.t-msedge.net | Play_Voicemail_Transcription._(387.KB).svg | Get hash | malicious | HTMLPhisher | Browse | 13.107.246.60
               | AyciQgru1X.exe | Get hash | malicious | Remcos | Browse | 13.107.246.60
               | NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | New Order.xls | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | Doc9078786968795776764567.xla.xlsx | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | New Order.xls | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse | 13.107.246.60
              s-0005.dual-s-msedge.net | NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse | 52.123.128.14
               | New Order.xls | Get hash | malicious | Unknown | Browse | 52.123.129.14
               | Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse | 52.123.129.14
               | Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse | 52.123.129.14
               | Doc9078786968795776764567.xla.xlsx | Get hash | malicious | Unknown | Browse | 52.123.128.14
               | NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse | 52.123.128.14
               | New Order.xls | Get hash | malicious | Unknown | Browse | 52.123.128.14
               | Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse | 52.123.128.14
               | Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse | 52.123.128.14
               | Doc9078786968795776764567.xla.xlsx | Get hash | malicious | Unknown | Browse | 52.123.129.14
              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
              MICROSOFT-CORP-MSN-AS-BLOCKUS | https://www.dottedsign.com/task?code=eyJhbGciOiJIUzUxMiJ9.eyJ0YXNrX2lkIjozNDU1ODM1LCJmaWxlX2lkIjoyMjU3NDQ4Mywic2lnbl9maWxlX2lkIjoyMzE3NTY1OCwic3RhZ2VfaWQiOjQ3MjQ2MTcsImVtYWlsIjoidmZhcmlhc0B3ZXN0bGFrZS5jb20iLCJleHBpcmVkX2F0IjoxNzQxNTUzNDgzfQ.HzZLgMMxAZSV_iVgO--XdcSNVOvVCdiCg8S3aUWMChplsdtgyqOWKyJi3vwVbeBh99sm9EHWsNwj41IZdYNjWA | Get hash | malicious | Unknown | Browse | 150.171.28.10
               | Smart-Message-Analyzer.jar | Get hash | malicious | Unknown | Browse | 40.126.32.136
               | letsVPN.exe | Get hash | malicious | Unknown | Browse | 23.98.101.155
               | file.exe | Get hash | malicious | Vidar | Browse | 204.79.197.203
               | letsVPN.exe | Get hash | malicious | Unknown | Browse | 52.250.216.138
               | NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | New Order.xls | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | Doc9078786968795776764567.xla.xlsx | Get hash | malicious | Unknown | Browse | 13.107.246.60
              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
              a0e9f5d64349fb13191bc781f81f42e1 | DQBok03QL1.exe | Get hash | malicious | LummaC Stealer | Browse | 13.107.246.60
               | ORLVDnEcC3.exe | Get hash | malicious | LummaC Stealer | Browse | 13.107.246.60
               | kS9YOZjwfn.exe | Get hash | malicious | LummaC Stealer | Browse | 13.107.246.60
               | rakf6nyw06.exe | Get hash | malicious | LummaC Stealer | Browse | 13.107.246.60
               | 0V0Q7kWH0N.exe | Get hash | malicious | LummaC Stealer | Browse | 13.107.246.60
               | KMSpico.exe | Get hash | malicious | LummaC Stealer | Browse | 13.107.246.60
               | KMSpico.exe | Get hash | malicious | LummaC Stealer | Browse | 13.107.246.60
               | plugin-newest_release_.exe | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | plugin-newest_release_.exe | Get hash | malicious | Unknown | Browse | 13.107.246.60
               | AaxpYFDQ32.exe | Get hash | malicious | Amadey, Credential Flusher, GCleaner, LummaC Stealer, Stealc | Browse | 13.107.246.60
              No context
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):118
              Entropy (8bit):3.5700810731231707
              Encrypted:false
              SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
              MD5:573220372DA4ED487441611079B623CD
              SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
              SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
              SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
              Malicious:false
              Reputation:high, very likely benign file
              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              File Type:data
              Category:dropped
              Size (bytes):165
              Entropy (8bit):1.5231029153786204
              Encrypted:false
              SSDEEP:3:sYp5lFltt:sYp5Nv
              MD5:B77267835A6BEAC785C351BDE8E1A61C
              SHA1:FABD93A92989535D43233E3DB9C6579D8174740E
              SHA-256:3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3
              SHA-512:FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033
              Malicious:true
              Reputation:moderate, very likely benign file
              Preview:.user ..a.l.f.o.n.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
              File type:Microsoft Excel 2007+
              Entropy (8bit):7.997917737152123
              TrID:
              • Excel Microsoft Office Open XML Format document (35004/1) 81.40%
              • ZIP compressed archive (8000/1) 18.60%
              File name:RFQ-JC25-#595837.xlsx
              File size:1'936'045 bytes
              MD5:e92602e233cac292e95c00b067798b20
              SHA1:1d51d0475c9d9185262980dab24f5a9ee421df07
              SHA256:7cd01a88aae5857a8ac654397e089f8d67c4a3695e27568c02b252078765786d
              SHA512:49a1bad6531944ea0ab9d2dce4d75a23cc2b6749503797981e3e47e63187341c9d32cdb20931c2892a22a952aa5cb3101cf2a58f1fff98aee3799464046a2ddb
              SSDEEP:49152:mOMAtFPeCF9u8nL7+bni1UQz5Qnuy1wabLNH:5tvF9u8nL7sn5QNLymaXNH
              TLSH:489533010CAF68478A6E2A7110B7D3D14D79D9465F324BBE700926709CCA6A7BF50FEE
              File Content Preview:PK........F!fZ..P.....c.......[Content_Types].xmlUT.... .g. .g. .g.U.J.1.}...!..I. "...."...........v.{o.. t.../...,..,...5..b..U.WvY.Nz...b/....+......*...n..'..&@*..R.j.p.y.5X.J.....G+.~...!.b.......;.....l.......#..IX..k...`.......-0kWL.`..H.......?.j.
              Icon Hash:35e58a8c0c8a85b9
              Document Type:OpenXML
              Number of OLE Files:1
              Has Summary Info:
              Application Name:
              Encrypted Document:False
              Contains Word Document Stream:False
              Contains Workbook/Book Stream:True
              Contains PowerPoint Document Stream:False
              Contains Visio Document Stream:False
              Contains ObjectPool Stream:False
              Flash Objects Count:0
              Contains VBA Macros:False
              Author:ctrl
              Last Saved By:ctrl
              Create Time:2022-11-18T02:05:27Z
              Last Saved Time:2022-11-18T02:07:12Z
              Creating Application:Microsoft Excel
              Security:0
              Thumbnail Scaling Desired:false
              Contains Dirty Links:false
              Shared Document:false
              Changed Hyperlinks:false
              Application Version:12.0000
              General
              Stream Path:\x1oLe10NaTIve
              CLSID:
              File Type:data
              Stream Size:2198765
              Entropy:7.658473942845762
              Base64 Encoded:True
              General
              Stream Path:KuG7FT
              CLSID:
              File Type:empty
              Stream Size:0
              Entropy:0.0
              Base64 Encoded:False
              Data ASCII:
              Data Raw:


              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
              2025-03-07T23:30:40.082029+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49705 | 13.107.246.60 | 443 | TCP
              2025-03-07T23:30:47.345253+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49706 | 13.107.246.60 | 443 | TCP
              2025-03-07T23:30:47.370624+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49707 | 13.107.246.60 | 443 | TCP
              • Total Packets: 176
              • 443 (HTTPS)
              • 53 (DNS)
              Mar 7, 2025 23:30:41.371196032 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.371207952 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.371325970 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.381783962 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.381798983 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.381835938 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.381844997 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.381867886 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.381884098 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.404040098 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.404058933 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.404120922 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.404135942 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.404263973 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.418170929 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.418188095 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.418250084 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.418262005 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.418426037 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.419931889 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.419946909 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.419998884 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.420006990 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.420058012 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.430439949 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.430457115 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.430550098 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.430560112 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.430599928 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.441024065 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.441040039 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.441118002 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.441131115 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.441765070 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.452729940 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.452745914 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.452806950 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.452817917 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.452970028 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.461560011 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.461580038 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.462423086 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.462430954 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.462558985 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.472945929 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.472964048 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.473026037 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.473035097 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.473112106 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.494462013 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.494477987 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.494540930 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.494549990 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.494653940 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.508317947 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.508333921 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.508403063 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.508413076 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.508523941 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.510014057 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.510029078 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.510081053 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.510090113 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.510188103 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.520716906 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.520733118 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.520900011 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.520911932 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.520962000 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.531171083 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.531188011 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.531255007 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.531265974 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.531387091 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.543427944 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.543452024 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.543523073 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.543540001 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.543656111 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.551376104 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.551392078 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.551459074 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.551470995 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.551558971 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.563044071 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.563060045 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.563136101 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.563146114 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.563313961 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.584646940 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.584664106 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.584718943 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.584729910 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.584829092 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.598648071 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.598668098 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.598751068 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.598761082 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.598788977 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.598830938 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.600224018 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.600239038 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.600279093 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.600294113 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.600303888 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.600323915 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.600362062 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.600454092 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.600481987 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.600496054 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.600496054 CET49705443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:41.600505114 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:41.600511074 CET4434970513.107.246.60192.168.2.5
              Mar 7, 2025 23:30:45.435868025 CET49706443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:45.435928106 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:45.436063051 CET49706443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:45.436454058 CET49706443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:45.436467886 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:45.437932014 CET49707443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:45.437972069 CET4434970713.107.246.60192.168.2.5
              Mar 7, 2025 23:30:45.438024998 CET49707443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:45.438226938 CET49707443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:45.438242912 CET4434970713.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.344511986 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.345252991 CET49706443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.345288992 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.346206903 CET49706443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.346213102 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.370031118 CET4434970713.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.370624065 CET49707443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.370644093 CET4434970713.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.371525049 CET49707443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.371530056 CET4434970713.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.816854000 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.816920042 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.817219019 CET49706443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.817250967 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.817348957 CET49706443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.817365885 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.817378044 CET49706443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.817787886 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.817882061 CET4434970613.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.817955971 CET49706443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.852925062 CET4434970713.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.870728016 CET4434970713.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.870827913 CET49707443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.870857000 CET49707443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.870878935 CET4434970713.107.246.60192.168.2.5
              Mar 7, 2025 23:30:47.870888948 CET49707443192.168.2.513.107.246.60
              Mar 7, 2025 23:30:47.870894909 CET4434970713.107.246.60192.168.2.5
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Mar 7, 2025 23:30:37.984190941 CET | 57000 | 53 | 192.168.2.5 | 1.1.1.1
              Mar 7, 2025 23:30:37.993024111 CET | 53 | 57000 | 1.1.1.1 | 192.168.2.5
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Mar 7, 2025 23:30:37.984190941 CET | 192.168.2.5 | 1.1.1.1 | 0xb570 | Standard query (0) | otelrules.svc.static.microsoft | A (IP address) | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Mar 7, 2025 23:29:34.851305962 CET | 1.1.1.1 | 192.168.2.5 | 0x8357 | No error (0) | ecs-office.s-0005.dual-s-msedge.net | s-0005.dual-s-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              Mar 7, 2025 23:29:34.851305962 CET | 1.1.1.1 | 192.168.2.5 | 0x8357 | No error (0) | s-0005.dual-s-msedge.net | | 52.123.128.14 | A (IP address) | IN (0x0001) | false
              Mar 7, 2025 23:29:34.851305962 CET | 1.1.1.1 | 192.168.2.5 | 0x8357 | No error (0) | s-0005.dual-s-msedge.net | | 52.123.129.14 | A (IP address) | IN (0x0001) | false
              Mar 7, 2025 23:30:37.993024111 CET | 1.1.1.1 | 192.168.2.5 | 0xb570 | No error (0) | otelrules.svc.static.microsoft | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | | CNAME (Canonical name) | IN (0x0001) | false
              Mar 7, 2025 23:30:37.993024111 CET | 1.1.1.1 | 192.168.2.5 | 0xb570 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
              Mar 7, 2025 23:30:37.993024111 CET | 1.1.1.1 | 192.168.2.5 | 0xb570 | No error (0) | star-azurefd-prod.trafficmanager.net | shed.dual-low.s-part-0032.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              Mar 7, 2025 23:30:37.993024111 CET | 1.1.1.1 | 192.168.2.5 | 0xb570 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | s-part-0032.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              Mar 7, 2025 23:30:37.993024111 CET | 1.1.1.1 | 192.168.2.5 | 0xb570 | No error (0) | s-part-0032.t-0009.t-msedge.net | | 13.107.246.60 | A (IP address) | IN (0x0001) | false
              • otelrules.svc.static.microsoft
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.5 | 49705 | 13.107.246.60 | 443 | 8484 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Timestamp | Bytes transferred | Direction | Data
              2025-03-07 22:30:40 UTC | 226 | OUT | GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
              Connection: Keep-Alive
              Accept-Encoding: gzip
              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
              Host: otelrules.svc.static.microsoft
              2025-03-07 22:30:40 UTC | 493 | IN | HTTP/1.1 200 OK
              Date: Fri, 07 Mar 2025 22:30:40 GMT
              Content-Type: text/plain
              Content-Length: 1114783
              Connection: close
              Vary: Accept-Encoding
              Cache-Control: public
              Last-Modified: Thu, 06 Mar 2025 06:05:34 GMT
              ETag: "0x8DD5C74E888C29E"
              x-ms-request-id: bc7dbbe7-201e-0000-80a4-8fa537000000
              x-ms-version: 2018-03-28
              x-azure-ref: 20250307T223040Z-er19df8ddfb6znnhhC1EWRk1300000000ms000000000dp8q
              x-fd-int-roxy-purgeid: 0
              X-Cache-Info: L1_T2
              X-Cache: TCP_HIT
              Accept-Ranges: bytes
              2025-03-07 22:30:40 UTC | 15891 | IN
              Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
              2025-03-07 22:30:40 UTC | 16384 | IN
              Data Ascii: /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C T="U32
              2025-03-07 22:30:40 UTC | 16384 | IN
              Data Ascii: </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C T="I32
              2025-03-07 22:30:40 UTC | 16384 | IN
              Data Ascii: <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE"> <
              2025-03-07 22:30:40 UTC | 16384 | IN
              Data Ascii: I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C> <S T
              2025-03-07 22:30:40 UTC | 16384 | IN
              Data Ascii: coding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e23-0af9-
              2025-03-07 22:30:40 UTC | 16384 | IN
              Data Ascii: "TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S> <C T="U
              2025-03-07 22:30:40 UTC | 16384 | IN
              Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R> <V
              2025-03-07 22:30:40 UTC | 16384 | IN
              Data Ascii: <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownException">
              2025-03-07 22:30:40 UTC | 16384 | IN
              Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.5 | 49706 | 13.107.246.60 | 443 | 8484 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Timestamp | Bytes transferred | Direction | Data
              2025-03-07 22:30:47 UTC | 214 | OUT | GET /rules/rule120603v8s19.xml HTTP/1.1
              Connection: Keep-Alive
              Accept-Encoding: gzip
              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
              Host: otelrules.svc.static.microsoft
              2025-03-07 22:30:47 UTC | 495 | IN | HTTP/1.1 200 OK
              Date: Fri, 07 Mar 2025 22:30:47 GMT
              Content-Type: text/xml
              Content-Length: 2128
              Connection: close
              Vary: Accept-Encoding
              Cache-Control: public, max-age=604800, immutable
              Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
              ETag: "0x8DC582BA41F3C62"
              x-ms-request-id: 8e81438f-901e-0016-54b0-8fefe9000000
              x-ms-version: 2018-03-28
              x-azure-ref: 20250307T223047Z-er19df8ddfb6znnhhC1EWRk1300000000mv00000000083f0
              x-fd-int-roxy-purgeid: 0
              X-Cache: TCP_MISS
              Accept-Ranges: bytes
              2025-03-07 22:30:47 UTC | 2128 | IN
              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.5 | 49707 | 13.107.246.60 | 443 | 8484 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Timestamp | Bytes transferred | Direction | Data
              2025-03-07 22:30:47 UTC | 214 | OUT | GET /rules/rule120607v1s19.xml HTTP/1.1
              Connection: Keep-Alive
              Accept-Encoding: gzip
              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
              Host: otelrules.svc.static.microsoft
              2025-03-07 22:30:47 UTC | 471 | IN | HTTP/1.1 200 OK
              Date: Fri, 07 Mar 2025 22:30:47 GMT
              Content-Type: text/xml
              Content-Length: 204
              Connection: close
              Cache-Control: public, max-age=604800, immutable
              Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
              ETag: "0x8DC582BB6C8527A"
              x-ms-request-id: 00201abe-b01e-003e-74b0-8f8e41000000
              x-ms-version: 2018-03-28
              x-azure-ref: 20250307T223047Z-er19df8ddfbhg7qshC1EWRg5s00000000msg00000000cchz
              x-fd-int-roxy-purgeid: 0
              X-Cache: TCP_MISS
              Accept-Ranges: bytes
              2025-03-07 22:30:47 UTC | 204 | IN
              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


              Target ID: 0
              Start time: 17:29:28
              Start date: 07/03/2025
              Path: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
              Wow64 process (32bit): true
              Commandline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
              Imagebase: 0xc30000
              File size: 53'161'064 bytes
              MD5 hash: 4A871771235598812032C822E6F68F19
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: high
              Has exited: false

              Target ID: 7
              Start time: 17:30:36
              Start date: 07/03/2025
              Path: C:\Windows\splwow64.exe
              Wow64 process (32bit): false
              Commandline: C:\Windows\splwow64.exe 12288
              Imagebase: 0x7ff6eefb0000
              File size: 163'840 bytes
              MD5 hash: 77DE7761B037061C7C112FD3C5B91E73
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: high
              Has exited: false

              No disassembly