Windows Analysis Report
Riko Ekos d.o.o. RFQ #PO51842018.xlsx

Overview

General Information

Sample name: Riko Ekos d.o.o. RFQ #PO51842018.xlsx
Analysis ID: 1651032
MD5: 2c265f3f5136de58896ec5bd9d814a5d
SHA1: 5930e285662ab9b3ae5228acb16802a9c1eb1bdd
SHA256: b6daa340200ee967ef4a7c2a2378014c978aa553ca4d6aa5cb6317ed049378b7
Tags: RFQ, xlsx, user-cocaman
Infos:

Detection

Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Yara signature match

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • EXCEL.EXE (PID: 6636 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 3044 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • cleanup
No configs have been found
Source: sheet1.xml
Rule: INDICATOR_XML_LegacyDrawing_AutoLoad_Document
Description: detects AutoLoad documents using LegacyDrawing
Author: ditekSHen
Strings:
  • 0x1bb:$s1: <legacyDrawing r:id="
  • 0x1e3:$s2: <oleObject progId="
  • 0x21d:$s3: autoLoad="true"

System Summary

Source: Network Connection | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 13.107.246.40, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6636, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49697
Source: Network Connection | Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.7, DestinationIsIpv6: false, DestinationPort: 49697, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6636, Protocol: tcp, SourceIp: 13.107.246.40, SourceIsIpv6: false, SourcePort: 443
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-28T11:24:36.120269+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49697 | 13.107.246.40 | 443 | TCP
2025-03-28T11:24:42.001220+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49698 | 13.107.246.40 | 443 | TCP
2025-03-28T11:24:42.004085+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49699 | 13.107.246.40 | 443 | TCP

AV Detection

Source: Riko Ekos d.o.o. RFQ #PO51842018.xlsx | Avira: detected
Source: Riko Ekos d.o.o. RFQ #PO51842018.xlsx | Virustotal: Detection: 61%
Source: Riko Ekos d.o.o. RFQ #PO51842018.xlsx | ReversingLabs: Detection: 72%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown | HTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: global traffic | DNS query: name: otelrules.svc.static.microsoft
Source: global traffic | TCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global traffic | TCP traffic: 192.168.2.7:49698 -> 13.107.246.40:443
Source: global traffic | TCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global traffic | TCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 192.168.2.7:49699 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49699
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.7:49698
Source: Joe Sandbox View; IP Address: 13.107.246.40
Source: Joe Sandbox View; JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49697 -> 13.107.246.40:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49698 -> 13.107.246.40:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49699 -> 13.107.246.40:443
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic; HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic; HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic; DNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: unknown; Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown; Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown; HTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.7:49697 version: TLS 1.2

System Summary

Source: sheet1.xml, type: SAMPLE; Matched rule: detects AutoLoad documents using LegacyDrawing Author: ditekSHen
Source: sheet1.xml, type: SAMPLE; Matched rule: INDICATOR_XML_LegacyDrawing_AutoLoad_Document author = ditekSHen, description = detects AutoLoad documents using LegacyDrawing
Source: classification engine; Classification label: mal64.winXLSX@3/2@1/1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user\Desktop\~$Riko Ekos d.o.o. RFQ #PO51842018.xlsx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user~1\AppData\Local\Temp\{66C06191-CA6A-4A10-A6D4-C59BC6B3559A} - OProcSessId.dat
Source: Riko Ekos d.o.o. RFQ #PO51842018.xlsx; OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File read: C:\Users\desktop.ini
Source: Riko Ekos d.o.o. RFQ #PO51842018.xlsx; Virustotal: Detection: 61%
Source: Riko Ekos d.o.o. RFQ #PO51842018.xlsx; ReversingLabs: Detection: 72%
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88d96a0f-f192-11d4-a65f-0040963251e5}\InProcServer32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Riko Ekos d.o.o. RFQ #PO51842018.xlsx; Static file information: File size 1103568 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: Riko Ekos d.o.o. RFQ #PO51842018.xlsx; Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Window / User API: threadDelayed 954
Source: C:\Windows\splwow64.exe; Last function: Thread delayed
Source: C:\Windows\splwow64.exe; Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information queried: ProcessInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
[Behavior graph, ID: 1651032. Sample: Riko Ekos d.o.o.  RFQ #PO51... Startdate: 28/03/2025. Architecture: WINDOWS. Score: 64. Process EXCEL.EXE (started) contacted s-part-0012.t-0009.t-msedge.net (13.107.246.40, 443, 49697, 49698, MICROSOFT-CORP-MSN-AS-BLOCKUS, United States), dropped "~$Riko Ekos d.o.o.  RFQ #PO51842018.xlsx" (data) and started splwow64.exe. DNS/IP nodes: star-azurefd-prod.trafficmanager.net, shed.dual-low.s-part-0012.t-0009.t-msedge.net, 3 other IPs or domains. Signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file.]

Source | Detection | Scanner | Label
Riko Ekos d.o.o. RFQ #PO51842018.xlsx | 62% | Virustotal |
Riko Ekos d.o.o. RFQ #PO51842018.xlsx | 72% | ReversingLabs | Document-Office.Exploit.CVE-2017-11882
Riko Ekos d.o.o. RFQ #PO51842018.xlsx | 100% | Avira | EXP/CVE-2017-11882.Gen
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | | high
bg.microsoft.map.fastly.net | 151.101.46.172 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | | high
otelrules.svc.static.microsoft | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundle | false | | high
https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xml | false | | high
https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xml | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                Joe Sandbox version:42.0.0 Malachite
                Analysis ID:1651032
                Start date and time:2025-03-28 11:22:26 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 4m 43s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsofficecookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:15
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:Riko Ekos d.o.o. RFQ #PO51842018.xlsx
                Detection:MAL
                Classification:mal64.winXLSX@3/2@1/1
                EGA Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                Cookbook Comments:
                • Found application associated with file extension: .xlsx
                • Found Word or Excel or PowerPoint or XPS Viewer
                • Attach to Office via COM
                • Active ActiveX Object
                • Scroll down
                • Close Viewer
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 52.109.0.91, 23.204.23.20, 52.109.8.36, 151.101.46.172, 20.42.72.131, 52.123.129.14, 20.190.151.132, 4.175.87.197
                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, login.live.com, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, cus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, us1.roaming1.live.com.akadns.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, onedscolprdeus00.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtCreateKey calls found.
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtReadVirtualMemory calls found.
                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
06:24:30 | API Interceptor | 975x Sleep call for process: splwow64.exe modified
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):118
                Entropy (8bit):3.5700810731231707
                Encrypted:false
                SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                MD5:573220372DA4ED487441611079B623CD
                SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                Malicious:false
                Reputation:high, very likely benign file
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                File Type:data
                Category:dropped
                Size (bytes):165
                Entropy (8bit):1.7769794087092887
                Encrypted:false
                SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                MD5:37BD8218D560948827D3B948CAFA579C
                SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                Malicious:true
                Reputation:moderate, very likely benign file
                Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                File type:Microsoft Excel 2007+
                Entropy (8bit):7.998371707667736
                TrID:
                • Excel Microsoft Office Open XML Format document (35004/1) 81.40%
                • ZIP compressed archive (8000/1) 18.60%
                File name:Riko Ekos d.o.o. RFQ #PO51842018.xlsx
                File size:1'103'568 bytes
                MD5:2c265f3f5136de58896ec5bd9d814a5d
                SHA1:5930e285662ab9b3ae5228acb16802a9c1eb1bdd
                SHA256:b6daa340200ee967ef4a7c2a2378014c978aa553ca4d6aa5cb6317ed049378b7
                SHA512:d2dd2208ee985527d29c101d6328c139d6cde1f847f18b4cb66c4631e510a9a9c114ea66c2aec543adf0b7c3e886bf4959eb4d7eede4c0079cbbfa8e05463cac
                SSDEEP:24576:R66CVMUqOytEFmXT0X7JvyTih0SinIEC7sKZA1r1r1si:lCVMxOytEFsTAJvyuaSECwwA1hr1si
                TLSH:623533C5E9BBB0B5CC0F823040E715754BBF6A6D43B13E92DF786848E67B99E8053258
                File Content Preview:PK.........YzZ.9......f.......[Content_Types].xmlUT......g...g...g.UKK.1.....%W..U..n{...A....d...&!.k...l.......lX..1..1..j.-!D.l..y.e`.S.....t..dYDa.0.B....xt|4|Z{...m,X...8...Z..y.43s..H.a....1.~.._p.,...&.6......d."...I...Gb..w....&.`.....h)....U?T{n6
                Icon Hash:35e58a8c0c8a85b9
                Document Type:OpenXML
                Number of OLE Files:1
                Has Summary Info:
                Application Name:
                Encrypted Document:False
                Contains Word Document Stream:False
                Contains Workbook/Book Stream:True
                Contains PowerPoint Document Stream:False
                Contains Visio Document Stream:False
                Contains ObjectPool Stream:False
                Flash Objects Count:0
                Contains VBA Macros:False
                Author:ctrl
                Last Saved By:ctrl
                Create Time:2022-11-18T02:05:27Z
                Last Saved Time:2022-11-18T02:07:12Z
                Creating Application:Microsoft Excel
                Security:0
                Thumbnail Scaling Desired:false
                Contains Dirty Links:false
                Shared Document:false
                Changed Hyperlinks:false
                Application Version:12.0000
                General
                Stream Path:\x1ole10nAtIVe
                CLSID:
                File Type:data
                Stream Size:1316230
                Entropy:7.120941598223329
                Base64 Encoded:True
                Data ASCII:< . . Z " / . . . . 7 S . . . . } w 3 w l ; R . . 7 G - 0 G + . E . \\ 7 " . h W . } . p S O . 9 . ^ + [ b ^ q . . a = O _ n S " . . \\ . o . a . H % | ? . \\ . . H . O ) . : . ` i 7 { Y ? . S c h . [ ) 6 x x . ] . s ` R / 9 - : $ . 9 . K . . . { . . . 6 . . P . : . L . . . V . g B W . L ( Z x q % 3 z E . 8 O . k . . w } X t l c 0 . . c . . - q s . q . 0 . ] . | . > g E P . . . " _ x A . ) . K v H R B . + B W . l . V 4 . . . 4 t j ` 6 m G = . _ u . . T z 4 x n + \\ . . * . . . . . G . C a . . Z ' K X ] u V .
                Data Raw:fa f2 3c 01 02 5a 22 2f 06 e0 01 08 af c5 be f1 37 53 f7 81 f6 cd 8a 16 f7 8b 06 8b 10 bb 7d f0 77 93 81 c3 33 77 ce 6c 8b 3b 52 ff d7 05 af 1d 37 47 2d 95 f3 30 47 ff e0 2b c9 0d 45 00 5c 37 22 b6 19 ff e2 68 57 c7 f3 a4 1a 7d 1a be c3 c1 70 dd e2 53 4f bd 2e e9 39 b1 f5 da 88 5e 2b 5b 62 bb 5e d6 71 de 09 a8 99 09 61 3d 9e fa 4f 5f 6e ba 53 22 8b 0d 07 cc 20 5c d6 aa 83 6f e2 a7
                General
                Stream Path:QFsLkMXbXUscZMY3
                CLSID:
                File Type:empty
                Stream Size:0
                Entropy:0.0
                Base64 Encoded:False
                Data ASCII:
                Data Raw:


Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-28T11:24:36.120269+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49697 | 13.107.246.40 | 443 | TCP
2025-03-28T11:24:42.001220+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49698 | 13.107.246.40 | 443 | TCP
2025-03-28T11:24:42.004085+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49699 | 13.107.246.40 | 443 | TCP
                • Total Packets: 201
                • 443 (HTTPS)
                • 53 (DNS)
                Mar 28, 2025 11:24:37.159396887 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.159420013 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.159457922 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.187980890 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.188014030 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.188055992 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.188061953 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.188108921 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.209357977 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.209379911 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.209434986 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.209445953 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.209471941 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.209487915 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.227174997 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.227195978 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.227260113 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.227268934 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.227319002 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.227760077 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.245831966 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.245852947 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.245889902 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.245913982 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.245956898 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.246032953 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.262999058 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.263020992 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.263061047 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.263067007 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.263092995 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.263111115 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.288707972 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.288759947 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.288777113 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.288784981 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.288806915 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.288825989 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.308818102 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.308891058 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.308917046 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.308944941 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.308959007 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.308984995 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.327292919 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.327327013 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.327373028 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.327400923 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.327433109 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.327455044 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.348769903 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.348818064 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.348849058 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.348875046 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.348901987 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.348922968 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.368535995 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.368591070 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.368626118 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.368650913 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.368668079 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.368690014 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.390659094 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.390712023 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.390743971 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.390769958 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.390788078 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.390813112 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.404695034 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.404730082 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.404850006 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.404874086 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.404911995 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.424519062 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.424549103 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.424593925 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.424616098 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.424647093 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.424664974 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.441329956 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.441376925 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.441406965 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.441427946 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.441453934 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.441473007 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.460216999 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.460289001 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.460303068 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.460331917 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.460356951 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.460376024 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.480897903 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.480946064 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.481003046 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.481033087 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.481057882 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.481076956 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.497106075 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.497149944 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.497179985 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.497206926 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.497225046 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.497250080 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.511444092 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.511464119 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.511506081 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.511531115 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.511554003 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.511570930 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.529320955 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.529342890 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.529386997 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.529413939 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.529432058 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.529453993 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.549571991 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.549617052 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.549643040 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.549668074 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.549694061 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.549711943 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.569878101 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.569922924 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.569974899 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.570004940 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.570018053 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.570175886 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.586391926 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.586436987 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.586544991 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.586544991 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.586572886 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.586626053 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.603765965 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.603821993 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.603835106 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.603847027 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.603885889 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.603905916 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.615480900 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.615523100 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.615551949 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.615561008 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.615592003 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.615609884 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.634888887 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.634941101 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.634965897 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.634977102 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.635014057 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.635020971 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.653069019 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.653114080 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.653148890 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.653156996 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.653192043 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.653214931 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.667509079 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.667567968 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.667587996 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.667597055 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.667644978 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.684933901 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.684953928 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.684998035 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.685005903 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.685045958 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.698306084 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.698331118 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.698499918 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.698523045 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.698594093 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.717600107 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.717627048 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.717681885 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.717710018 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.717727900 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.717771053 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.730536938 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.730565071 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.730614901 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.730622053 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.730673075 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.750634909 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.750654936 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.750778913 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.750780106 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.750802040 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.750854969 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.765183926 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.765201092 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.765294075 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.765302896 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.765352011 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.779597998 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.779613972 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.779720068 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.779743910 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.779807091 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.793926001 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.793955088 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.793996096 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.794003010 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.794044018 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.808613062 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.808631897 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.808698893 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.808706045 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.808747053 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.830899000 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.830923080 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.830981016 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.830991983 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.831043959 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.843672037 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.843692064 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.843754053 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.843760967 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.843796015 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.855133057 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.855153084 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.855211973 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.855221987 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.855262995 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.857321978 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.857402086 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.857455015 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.857475996 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.857489109 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.857489109 CET49697443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:37.857496023 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:37.857503891 CET4434969713.107.246.40192.168.2.7
                Mar 28, 2025 11:24:41.731759071 CET49698443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:41.731821060 CET4434969813.107.246.40192.168.2.7
                Mar 28, 2025 11:24:41.731883049 CET49698443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:41.732142925 CET49698443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:41.732160091 CET4434969813.107.246.40192.168.2.7
                Mar 28, 2025 11:24:41.732372999 CET49699443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:41.732419014 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:41.732474089 CET49699443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:41.732639074 CET49699443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:41.732651949 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.000761032 CET4434969813.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.001219988 CET49698443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.001267910 CET4434969813.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.002140045 CET49698443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.002150059 CET4434969813.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.003593922 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.004085064 CET49699443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.004108906 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.005254984 CET49699443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.005260944 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.174524069 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.174577951 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.174746990 CET49699443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.174772024 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.175462008 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.175611019 CET49699443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.175709009 CET49699443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.175724983 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.175740957 CET49699443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.175745964 CET4434969913.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.190112114 CET4434969813.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.190206051 CET4434969813.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.190380096 CET49698443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.191453934 CET49698443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.191487074 CET4434969813.107.246.40192.168.2.7
                Mar 28, 2025 11:24:42.191504955 CET49698443192.168.2.713.107.246.40
                Mar 28, 2025 11:24:42.191514015 CET4434969813.107.246.40192.168.2.7
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Mar 28, 2025 11:24:05.162138939 CET | 53 | 55451 | 162.159.36.2 | 192.168.2.7
                Mar 28, 2025 11:24:35.761569023 CET | 54314 | 53 | 192.168.2.7 | 1.1.1.1
                Mar 28, 2025 11:24:35.846549988 CET | 53 | 54314 | 1.1.1.1 | 192.168.2.7
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Mar 28, 2025 11:24:35.761569023 CET | 192.168.2.7 | 1.1.1.1 | 0x37a1 | Standard query (0) | otelrules.svc.static.microsoft | A (IP address) | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Mar 28, 2025 11:23:31.072367907 CET | 1.1.1.1 | 192.168.2.7 | 0xa45f | No error (0) | ecs-office.s-0005.dual-s-msedge.net | s-0005.dual-s-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2025 11:23:31.072367907 CET | 1.1.1.1 | 192.168.2.7 | 0xa45f | No error (0) | s-0005.dual-s-msedge.net |  | 52.123.129.14 | A (IP address) | IN (0x0001) | false
                Mar 28, 2025 11:23:31.072367907 CET | 1.1.1.1 | 192.168.2.7 | 0xa45f | No error (0) | s-0005.dual-s-msedge.net |  | 52.123.128.14 | A (IP address) | IN (0x0001) | false
                Mar 28, 2025 11:23:32.571656942 CET | 1.1.1.1 | 192.168.2.7 | 0xa970 | No error (0) | bg.microsoft.map.fastly.net |  | 151.101.46.172 | A (IP address) | IN (0x0001) | false
                Mar 28, 2025 11:24:35.846549988 CET | 1.1.1.1 | 192.168.2.7 | 0x37a1 | No error (0) | otelrules.svc.static.microsoft | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net |  | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2025 11:24:35.846549988 CET | 1.1.1.1 | 192.168.2.7 | 0x37a1 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | star-azurefd-prod.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2025 11:24:35.846549988 CET | 1.1.1.1 | 192.168.2.7 | 0x37a1 | No error (0) | star-azurefd-prod.trafficmanager.net | shed.dual-low.s-part-0012.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2025 11:24:35.846549988 CET | 1.1.1.1 | 192.168.2.7 | 0x37a1 | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | s-part-0012.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2025 11:24:35.846549988 CET | 1.1.1.1 | 192.168.2.7 | 0x37a1 | No error (0) | s-part-0012.t-0009.t-msedge.net |  | 13.107.246.40 | A (IP address) | IN (0x0001) | false
                • otelrules.svc.static.microsoft
                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.7 | 49697 | 13.107.246.40 | 443 | 6636 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                Timestamp | Bytes transferred | Direction | Data
                2025-03-28 10:24:36 UTC | 226 | OUT | GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                Connection: Keep-Alive
                Accept-Encoding: gzip
                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                Host: otelrules.svc.static.microsoft
                2025-03-28 10:24:36 UTC | 500 | IN | HTTP/1.1 200 OK
                Date: Fri, 28 Mar 2025 10:24:36 GMT
                Content-Type: text/plain
                Content-Length: 1114783
                Connection: close
                Vary: Accept-Encoding
                Cache-Control: public
                Last-Modified: Thu, 27 Mar 2025 15:21:29 GMT
                ETag: "0x8DD6D430C322EE9"
                x-ms-request-id: 84ee00c9-f01e-0003-11af-9f4453000000
                x-ms-version: 2018-03-28
                x-azure-ref: 20250328T102436Z-186b855ff67w57v5hC1NYC7m500000000qe0000000000z8w
                x-fd-int-roxy-purgeid: 0
                X-Cache-Info: L2_T2
                X-Cache: TCP_REMOTE_HIT
                Accept-Ranges: bytes
                Data Ascii: 1.0" encoding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e2
                2025-03-28 10:24:36 UTC16384INData Raw: 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20
                Data Ascii: ="2" E="TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S>
                2025-03-28 10:24:36 UTC16384INData Raw: 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20
                Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R>
                2025-03-28 10:24:36 UTC16384INData Raw: 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 4f 66 54 68 72 6f 77 6e 45 78 63 65 70
                Data Ascii: </F> <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownExcep
                2025-03-28 10:24:36 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c
                Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                1 | 192.168.2.7 | 49698 | 13.107.246.40 | 443 | 6636 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                Timestamp | Bytes transferred | Direction | Data
                2025-03-28 10:24:41 UTC | 214 | OUT | GET /rules/rule120607v1s19.xml HTTP/1.1
                Connection: Keep-Alive
                Accept-Encoding: gzip
                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                Host: otelrules.svc.static.microsoft
                2025-03-28 10:24:42 UTC | 491 | IN | HTTP/1.1 200 OK
                Date: Fri, 28 Mar 2025 10:24:42 GMT
                Content-Type: text/xml
                Content-Length: 204
                Connection: close
                Cache-Control: public, max-age=604800, immutable
                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                ETag: "0x8DC582BB6C8527A"
                x-ms-request-id: 810247d7-601e-0002-5db2-9fa786000000
                x-ms-version: 2018-03-28
                x-azure-ref: 20250328T102442Z-17cccd5449bsm7zrhC1EWR8efs00000003a0000000001x6q
                x-fd-int-roxy-purgeid: 0
                X-Cache-Info: L1_T2
                X-Cache: TCP_HIT
                Accept-Ranges: bytes
                2025-03-28 10:24:42 UTC | 204 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                2 | 192.168.2.7 | 49699 | 13.107.246.40 | 443 | 6636 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                Timestamp | Bytes transferred | Direction | Data
                2025-03-28 10:24:42 UTC | 214 | OUT | GET /rules/rule120603v8s19.xml HTTP/1.1
                Connection: Keep-Alive
                Accept-Encoding: gzip
                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                Host: otelrules.svc.static.microsoft
                2025-03-28 10:24:42 UTC | 494 | IN | HTTP/1.1 200 OK
                Date: Fri, 28 Mar 2025 10:24:42 GMT
                Content-Type: text/xml
                Content-Length: 2128
                Connection: close
                Vary: Accept-Encoding
                Cache-Control: public, max-age=604800, immutable
                Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                ETag: "0x8DC582BA41F3C62"
                x-ms-request-id: 788ac460-101e-0028-1057-9e8f64000000
                x-ms-version: 2018-03-28
                x-azure-ref: 20250328T102442Z-186b855ff67prrj9hC1NYC7zb80000000qbg0000000024yw
                x-fd-int-roxy-purgeid: 0
                X-Cache: TCP_HIT
                Accept-Ranges: bytes
                2025-03-28 10:24:42 UTC | 2128 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=



                Target ID: 0
                Start time: 06:23:26
                Start date: 28/03/2025
                Path: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                Wow64 process (32bit): true
                Commandline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                Imagebase: 0xcd0000
                File size: 53'161'064 bytes
                MD5 hash: 4A871771235598812032C822E6F68F19
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: high
                Has exited: false

                Target ID: 11
                Start time: 06:24:30
                Start date: 28/03/2025
                Path: C:\Windows\splwow64.exe
                Wow64 process (32bit): false
                Commandline: C:\Windows\splwow64.exe 12288
                Imagebase: 0x7ff618760000
                File size: 163'840 bytes
                MD5 hash: 77DE7761B037061C7C112FD3C5B91E73
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: high
                Has exited: false

                No disassembly