Windows Analysis Report
LISTADO HOTEL INCRESA 2024.xlsx

Overview

General Information

Sample name:LISTADO HOTEL INCRESA 2024.xlsx
Analysis ID:1430185
MD5:413f836936871d6deee6d20d8df59b83
SHA1:34725dab71acedbc71b0de51fb33fc6ada52662d
SHA256:4daeb47e659fa0d20245d72f5eece978e63645cb03a7097805976e5dd8727a8d

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections

Analysis Advice

Sample monitors window changes (e.g. starting applications); analyze the sample with the 'Simulates keyboard and window changes' cookbook
No malicious behavior found; also analyze the document on other versions of Office / Acrobat
  • System is w10x64
  • EXCEL.EXE (PID: 2180 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 4028 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • cleanup
No configs have been found
No yara matches
Source: Network Connection | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton | Data: DestinationIp: 13.107.246.41, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 2180, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49733
Source: Network Connection | Author: X__Junior (Nextron Systems) | Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49733, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 2180, Protocol: tcp, SourceIp: 13.107.246.41, SourceIsIpv6: false, SourcePort: 443
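The two Sigma hits above describe one Excel connection seen from both sides: the second record has the source and destination fields of the first swapped, so the sandbox host 192.168.2.5 appears as the destination while Initiated is still true. A rule that keys only on the Office image and Initiated fires twice for that single connection; an outbound-connection check should also require a non-private destination. The block below is an added example, not Joe Sandbox or Sigma code: EVENTS is built from the fields printed above, the list of Office image names is an assumption of the example, and the two check functions approximate the intent of the cited rules rather than reproducing their YAML.

```python
"""Which of the report's two Sysmon Event ID 3 records is really an
outbound connection from Excel?

Added example, not Joe Sandbox or Sigma code. EVENTS is constructed from
the fields the report prints; OFFICE_IMAGES is an assumed list.
"""
import ipaddress
from collections import Counter

EXCEL = r"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"

# Constructed from the report's two "Network Connection" hits, field for field.
EVENTS = [
    {"EventID": 3, "Image": EXCEL, "ProcessId": 2180, "Initiated": True, "Protocol": "tcp",
     "SourceIp": "192.168.2.5", "SourcePort": 49733,
     "DestinationIp": "13.107.246.41", "DestinationPort": 443},
    {"EventID": 3, "Image": EXCEL, "ProcessId": 2180, "Initiated": True, "Protocol": "tcp",
     "SourceIp": "13.107.246.41", "SourcePort": 443,
     "DestinationIp": "192.168.2.5", "DestinationPort": 49733},
]

# Image suffixes treated as Office processes (assumed, not taken from the report).
OFFICE_IMAGES = ("\\excel.exe", "\\winword.exe", "\\powerpnt.exe",
                 "\\outlook.exe", "\\msaccess.exe", "\\mspub.exe")


def is_office_image(image: str) -> bool:
    return image.lower().endswith(OFFICE_IMAGES)


def is_public(ip: str) -> bool:
    """True for globally routable addresses; private, loopback, link-local
    and reserved ranges all return False."""
    return ipaddress.ip_address(ip).is_global


def naive_office_outbound(ev: dict) -> bool:
    """Image + Initiated only: fires on both of the report's records."""
    return (ev.get("EventID") == 3 and ev.get("Initiated") is True
            and is_office_image(ev.get("Image", "")))


def office_outbound(ev: dict) -> bool:
    """Additionally require a public destination, so the record that lists
    the sandbox host 192.168.2.5 as destination does not count."""
    return naive_office_outbound(ev) and is_public(ev.get("DestinationIp", ""))


def remote_endpoints(events) -> Counter:
    """Distinct remote endpoints an Office process actually reached out to."""
    return Counter((e["DestinationIp"], e["DestinationPort"])
                   for e in events if office_outbound(e))


if __name__ == "__main__":
    for e in EVENTS:
        print(f'{e["SourceIp"]}:{e["SourcePort"]} -> {e["DestinationIp"]}:{e["DestinationPort"]} '
              f'naive={naive_office_outbound(e)} strict={office_outbound(e)}')
    print(remote_endpoints(EVENTS))
```

Running it shows the naive check flagging both records and the strict check flagging only the first, leaving a single remote endpoint, 13.107.246.41:443, for the analyst to look at.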
No Snort rule has matched

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown | HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: global traffic | TCP traffic (distinct flows, packets seen in both directions):
  192.168.2.5:49733 <-> 13.107.246.41:443
  192.168.2.5:49734 <-> 13.107.246.41:443
  192.168.2.5:49735 <-> 13.107.246.41:443
  192.168.2.5:49736 <-> 13.107.246.41:443
  192.168.2.5:49737 <-> 13.107.246.41:443
  192.168.2.5:49738 <-> 13.107.246.41:443
  192.168.2.5:49739 <-> 13.107.246.41:443
  192.168.2.5:49740 <-> 13.107.246.41:443
  192.168.2.5:49741 <-> 13.107.246.41:443
  192.168.2.5:49742 <-> 13.107.246.41:443
Source: excel.exe | Memory has grown: Private usage: 1MB later: 74MB
Source: Joe Sandbox View | IP Address: 13.107.246.41
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic | HTTP traffic detected: ten GET requests, each HTTP/1.1 with Connection: Keep-Alive, Accept-Encoding: gzip, User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro), Host: otelrules.azureedge.net:
  GET /rules/rule63067v4s19.xml
  GET /rules/rule324002v5s19.xml
  GET /rules/rule170012v10s19.xml
  GET /rules/rule324001v4s19.xml
  GET /rules/rule490016v3s19.xml
  GET /rules/rule324003v5s19.xml
  GET /rules/rule324004v4s19.xml
  GET /rules/rule324005v2s19.xml
  GET /rules/rule324006v2s19.xml
  GET /rules/rule324007v2s19.xml
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.0.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
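All ten GET requests carry the Office client string and go to otelrules.azureedge.net under /rules/, over the same connections to 13.107.246.41:443 listed above. That host and path shape are Office's own telemetry-rule (OTel) download endpoint, so the traffic behind the "performs HTTP gets" signature is consistent with Excel's startup telemetry fetch rather than with anything in the workbook. It also bounds what the "IP address seen in connection with other malware" and JA3 signatures say: any Windows Office install doing the same fetch presents the same CDN address and the same TLS client fingerprint, so those are shared-infrastructure hits, not evidence about this file. The block below is an added example, not Joe Sandbox code. It re-splits the report's flattened request lines, parses them, and classifies each request by host, path, method and client string together, because the client string on its own is set by whatever process sends it. The allowlist of telemetry hosts is an assumption of the example, and the two contrast requests are constructed.

```python
"""Triage the HTTP requests Excel issued during the run.

Added example, not Joe Sandbox code. REPORT_LINES are the ten request
lines in the flattened form the report renders; CONSTRUCTED_LINES are
made up for contrast. OFFICE_TELEMETRY_HOSTS is an assumed allowlist.
"""
import re
from collections import Counter

OFFICE_UA_STR = "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)"
REPORT_PATHS = [
    "/rules/rule63067v4s19.xml", "/rules/rule324002v5s19.xml", "/rules/rule170012v10s19.xml",
    "/rules/rule324001v4s19.xml", "/rules/rule490016v3s19.xml", "/rules/rule324003v5s19.xml",
    "/rules/rule324004v4s19.xml", "/rules/rule324005v2s19.xml", "/rules/rule324006v2s19.xml",
    "/rules/rule324007v2s19.xml",
]
# The report prints request line and headers run together with no separators.
REPORT_LINES = [
    f"GET {p} HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzip"
    f"User-Agent: {OFFICE_UA_STR}Host: otelrules.azureedge.net"
    for p in REPORT_PATHS
]
CONSTRUCTED_LINES = [
    # Same Office client string, but a host the allowlist does not know (constructed).
    f"GET /update.xml HTTP/1.1Connection: Keep-AliveUser-Agent: {OFFICE_UA_STR}Host: cdn.example.net",
    # Non-Office client string (constructed).
    "GET /a HTTP/1.1User-Agent: curl/8.0Host: cdn.example.net",
]

# Assumed allowlist: hosts Office itself contacts for telemetry rules.
OFFICE_TELEMETRY_HOSTS = {"otelrules.azureedge.net"}
OFFICE_UA = re.compile(r"^Microsoft Office/\d+\.\d+ \(")

HEADER_NAMES = ("Connection", "Accept-Encoding", "User-Agent", "Host", "Accept",
                "Content-Type", "Content-Length", "Cache-Control", "Cookie", "Referer", "Pragma")
_SPLIT = re.compile(r"(?=(?:%s): )" % "|".join(re.escape(h) for h in HEADER_NAMES))


def unflatten(line: str) -> list:
    """Break a flattened report line before each known 'Header: ' token.
    A header value that itself contains such a token would be mis-split;
    acceptable for report lines."""
    return [p for p in _SPLIT.split(line) if p]


def parse_request(line: str) -> dict:
    parts = unflatten(line)
    method, path, version = parts[0].split(" ", 2)
    headers = {}
    for h in parts[1:]:
        name, _, value = h.partition(": ")
        headers[name.lower()] = value
    return {"method": method, "path": path, "version": version, "headers": headers}


def classify(req: dict) -> str:
    """'office-telemetry' only when method, host, path shape and client
    string all agree; the client string alone proves nothing."""
    host = req["headers"].get("host", "").lower()
    ua = req["headers"].get("user-agent", "")
    if (req["method"] == "GET" and host in OFFICE_TELEMETRY_HOSTS
            and req["path"].startswith("/rules/") and OFFICE_UA.match(ua)):
        return "office-telemetry"
    if OFFICE_UA.match(ua):
        return "office-ua-unknown-host"
    return "review"


def summarize(lines) -> Counter:
    return Counter(classify(parse_request(l)) for l in lines)


if __name__ == "__main__":
    for line in REPORT_LINES + CONSTRUCTED_LINES:
        r = parse_request(line)
        print(f'{classify(r):24} {r["headers"].get("host")} {r["path"]}')
    print(summarize(REPORT_LINES + CONSTRUCTED_LINES))
```

The ten report requests all classify as office-telemetry; the constructed request with the Office client string to an unknown host is labelled office-ua-unknown-host, which is the case worth a second look, since a spoofed client string is cheap.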
Source: unknown | Network traffic detected: HTTP traffic on ports 49733 through 49742 <-> 443 (both directions)
Source: E77E8343.tmp.0.dr | OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engine | Classification label: clean4.winXLSX@3/5@0/1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Users\user\Desktop\~$LISTADO HOTEL INCRESA 2024.xlsx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\{C27BA2E9-9FA1-4BB8-A3D9-DB5B38D24211} - OProcSessId.dat
Source: LISTADO HOTEL INCRESA 2024.xlsx | OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000303-0000-0000-C000-000000000046}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: LISTADO HOTEL INCRESA 2024.xlsx | Initial sample: OLE zip file path = xl/calcChain.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: LISTADO HOTEL INCRESA 2024.xlsx | Initial sample: OLE indicators vbamacros = False
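The sample-level indicators above (Workbook stream present, xl/calcChain.xml part, vbamacros = False, OLE stream indicators all false on the temp copy) are what a static pass over an OOXML container yields before anything is opened. The block below is an added example, not Joe Sandbox code, that performs the same kind of pass with the standard library only: it tells a ZIP-based OOXML workbook from a legacy OLE2 compound file by magic bytes, then looks for a VBA project, the calcChain part, embedded OLE, ActiveX, external-link and Excel 4.0 macrosheet parts, and command-launch (DDE-style) formulas in the sheet XML. The part names are standard OOXML locations; the DDE pattern is a heuristic of this example; the two workbooks it runs on are constructed in memory for the demonstration and are not the sample.

```python
"""Static triage of an OOXML workbook with the standard library only.

Added example, not Joe Sandbox code. Part names are standard OOXML
locations; DDE_RE is a heuristic of this example; build_workbook()
constructs demo workbooks that are not the sample analysed above.
"""
import io
import re
import zipfile

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # legacy .xls/.doc compound file header
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.xlsx/.xlsm) is a ZIP


def container_type(data: bytes) -> str:
    """A '.xlsx' that is really OLE2 (or the reverse) is worth a look on its own."""
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    return "unknown"


MACRO_PARTS = {"xl/vbaProject.bin", "word/vbaProject.bin", "ppt/vbaProject.bin"}
RISKY_PART_PREFIXES = (
    "xl/embeddings/",     # embedded OLE objects and packages
    "xl/activeX/",        # ActiveX controls
    "xl/externalLinks/",  # links to other workbooks, may reach out on open
    "xl/macrosheets/",    # Excel 4.0 (XLM) macro sheets
)
# Command-launch style formulas inside <f> elements, e.g. cmd|'/c calc'!A0 or DDEAUTO.
DDE_RE = re.compile(rb"<f\b[^>]*>[^<]*(?:DDEAUTO|DDE\(|\bcmd\s*\||\bmsexcel\s*\||\|\s*'/c)", re.I)


def triage_ooxml(data: bytes) -> dict:
    kind = container_type(data)
    if kind != "ooxml":
        # Not a ZIP container: assess with an OLE2 parser instead.
        return {"container": kind, "needs_review": None}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        findings = {
            "container": kind,
            "vba_macros": bool(MACRO_PARTS & set(names)),
            "calc_chain": "xl/calcChain.xml" in names,
            "risky_parts": sorted(n for n in names if n.startswith(RISKY_PART_PREFIXES)),
            "dde_formulas": sorted(
                n for n in names
                if n.startswith("xl/worksheets/") and n.endswith(".xml") and DDE_RE.search(z.read(n))
            ),
        }
    findings["needs_review"] = bool(
        findings["vba_macros"] or findings["risky_parts"] or findings["dde_formulas"])
    return findings


def build_workbook(sheet_xml: bytes, extra_parts=None) -> bytes:
    """Constructed minimal workbook: the parts a real .xlsx always carries
    plus whatever extra_parts adds. Demo data, not the sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/worksheets/sheet1.xml", sheet_xml)
        z.writestr("xl/calcChain.xml", "<calcChain/>")
        for name, content in (extra_parts or {}).items():
            z.writestr(name, content)
    return buf.getvalue()


CLEAN_SHEET = b'<worksheet><sheetData><row r="1"><c r="A1"><f>SUM(B1:B3)</f><v>0</v></c></row></sheetData></worksheet>'
DDE_SHEET = b'<worksheet><sheetData><row r="1"><c r="A1"><f>cmd|\'/c calc\'!A0</f></c></row></sheetData></worksheet>'

if __name__ == "__main__":
    clean = build_workbook(CLEAN_SHEET)
    suspicious = build_workbook(DDE_SHEET, {"xl/vbaProject.bin": b"\x00",
                                            "xl/externalLinks/externalLink1.xml": "<externalLink/>"})
    for label, blob in (("clean", clean), ("suspicious", suspicious)):
        print(label, triage_ooxml(blob))
```

On the clean workbook the result mirrors what the report says about the sample: an OOXML container with a calcChain part, no VBA project, nothing to review. The second workbook shows the three findings that would change that verdict.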
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX (21 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (1 occurrence)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 828Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior
MITRE ATT&CK matrix (a leading number marks a technique that one or more of this report's signatures map to; unnumbered cells are the unmatched matrix template):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
No Antivirus matches

Source | Detection | Scanner | Label
part-0013.t-0009.t-msedge.net | 0% | Virustotal |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
part-0013.t-0009.t-msedge.net | 13.107.246.41 | true | false |  | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
13.107.246.41 | part-0013.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430185
Start date and time:2024-04-23 09:22:30 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 22s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsofficecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:LISTADO HOTEL INCRESA 2024.xlsx
Detection:CLEAN
Classification:clean4.winXLSX@3/5@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .xlsx
  • Found Word or Excel or PowerPoint or XPS Viewer
  • Attach to Office via COM
  • Scroll down
  • Close Viewer
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.0.91, 52.109.6.63, 23.221.242.90, 52.113.194.132, 72.21.81.240, 20.189.173.3
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, eus2-azsc-000.roaming.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, osiprod-eus2-buff-azsc-000.eastus2.cloudapp.azure.com, wu.azureedge.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, wus-azsc-config.officeapps.live.com, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, self.events.data.microsoft.com, onedscolprdwus02.westus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, us1.roamin
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
09:24:23 | API Interceptor | 852x Sleep call for process: splwow64.exe modified
Context for the contacted IP 13.107.246.41:

Match | Associated Sample Name / URL | Detection | Threat Name | Context
13.107.246.41 | http://www.surveymonkey.com/tr/v1/te/PUEIZHbYTJGrZEIkVMWlCoicdktJQxDgUh5D5mhe1V5RrTmuIdynx7PnFHXRUx9slMgQjvZdyUWqhr_2Bl49oNXjy3TOleTjKMKR6WbsGcrstlT2syBMlSkW7U5aKlKcBD9NFqJqrxGyODSWJJr6_2BMbXsKkDA_2F0ep4iw23xw6huuM_3D | malicious | Unknown | www.eand.com/en/index.html
13.107.246.41 | 02-11-2024 MVP.html | malicious | Unknown | www.mvphealthcare.com/
13.107.246.41 | 02-11-2024 MVP.html | malicious | Unknown | www.mvphealthcare.com/
13.107.246.41 | http://y84x.mjt.lu/lnk/CAAABPdweCoAAAAAAAAAAAVG8MwAAAA6pnMAAAAAAAvpOQBlhIO4-ImJ1UImRBC5CNVIkLSaswAL-7Q/2/r-vXj7XjX0azsD7QNKNH-A/aHR0cHM6Ly9hcHBjZW50ZXIubXMvaW52aXRhdGlvbnMvb3JnL2IxNjM2ZDYzMTE0YTM0MjBkYWFmNTg4YTE5N2Y0N2MxNGY4ZDViNWMyM2ZjM2RhYTgxMWM0ODgwOWM1ZTZkNjQ | malicious | Unknown | appcenter.ms/
13.107.246.41 | http://url7816.acetaxi.com/ls/click?upn=k9eqZnPBEZmPVPka3LxS61O1ksdCJOgznvtiwccqzi2-2BneqvfCXEJ-2FQj-2BZo7snmCwDunBahf2LYhfs7qQp7-2F23xLStq-2BkxJ70xqVvyXzkWM-3D8Cie_z5TGfmB4A65PPE2hDgRdrx6OZsZ3AmrJLHJ0M9ePWeHP5QDTWsAVp117uXam9dNn-2BGSxHeP-2BInRF-2Bgy2v-2FXBPODjmLss6NRV2RYsUYD7um77hgLl0ET9pPGTHF-2BQ1m6-2Fw7-2B-2B9DJOpakZj874YLC8uUep0F7rZMDlM46gmHmQqqAeCV477M0h2b07T2IcXu0hzUcKftN0UG2jhPq8qo00cQl0gvOLl-2BjChyaOdLpENao-3D | malicious | Unknown | twiliosolutions.azurefd.net/

Context for the contacted domain part-0013.t-0009.t-msedge.net:

Match | Associated Sample Name / URL | Detection | Threat Name | Context
part-0013.t-0009.t-msedge.net | szamla_sorszam_8472.xlsm | malicious | Unknown | 13.107.246.41
part-0013.t-0009.t-msedge.net | https://22apmic22.z13.web.core.windows.net/ | malicious | TechSupportScam | 13.107.246.41
part-0013.t-0009.t-msedge.net | https://pub-4b7bb8835c824e67a15332b376de2d9d.r2.dev/mafo.html | malicious | HTMLPhisher | 13.107.213.41
part-0013.t-0009.t-msedge.net | https://www.freelancer.com/users/login-quick.php?token=30b3628412ea618dcc3f414b266ae263302b3e1b43e6d2d885225319dabe8e68&url=https://absoluteepoxyflooring.com.au/0auth&user_id=13769623&expire_at=1569845677&uniqid=13769623-38750-5d42d7ad-e72874f2&linkid=0 | malicious | HTMLPhisher | 13.107.213.41
part-0013.t-0009.t-msedge.net | https://secure.rightsignature.com/signers/72685de1-0891-4676-ba51-0639e8aac386/sign?identity_token=e9BkbAE3-a65UvyeRkxL | malicious | HTMLPhisher | 13.107.213.41
part-0013.t-0009.t-msedge.net | https://eu.docusign.net/Signing/EmailStart.aspx?a=c2316afe-212a-443e-8085-9617c789ff9e&acct=3b74c8d0-0c86-4fe6-a37e-391f3ae29b50&er=eaaa56e8-48ca-4278-8838-760c6115596a | malicious | HTMLPhisher | 13.107.213.41
part-0013.t-0009.t-msedge.net | https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDXHzo0-2BRl2juwpMn3h9dNAq9ZBCf8LnPEOZY9GqbZetUAeU7Eutkrra6RqLG0LYTAB9pnUknxEinL3j6RW-2F5AawLVk6-2FJEsz0F-2FhvPx4oc-3D | malicious | HTMLPhisher | 13.107.246.41
part-0013.t-0009.t-msedge.net | https://www.epa.gov/climateleadership/simplified-ghg-emissions-calculator | malicious | Unknown | 13.107.246.41
part-0013.t-0009.t-msedge.net | https://cloudflare-ipfs.com/ipfs/QmWhG4PY6RXe5T7UakJVFDfTnjN6pte6LhpzoEmpDK7232#drusso@he-equipment.com | malicious | Unknown | 13.107.246.41
part-0013.t-0009.t-msedge.net | https://89f6e026.cb86b095596b82eb82d2af17.workers.dev?qrc=Y2d1dGllcnJlekBicm9zZXRhLmNvbQ== | malicious | HTMLPhisher | 13.107.246.41

Context for the ASN MICROSOFT-CORP-MSN-AS-BLOCKUS:

Match | Associated Sample Name / URL | Detection | Threat Name | Context
MICROSOFT-CORP-MSN-AS-BLOCKUS | 5SLBlv4aUS.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | 20.157.87.45
MICROSOFT-CORP-MSN-AS-BLOCKUS | anuwhqTXGt.dll | malicious | Unknown | 168.61.215.74
MICROSOFT-CORP-MSN-AS-BLOCKUS | Gam.xls | malicious | Unknown | 13.107.246.40
MICROSOFT-CORP-MSN-AS-BLOCKUS | XAcuSo8KDa.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | 20.157.87.45
MICROSOFT-CORP-MSN-AS-BLOCKUS | f0FSseHktD.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | 20.157.87.45
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://url.avanan.click/v2/___https:/novafr-my.sharepoint.com/:b:/g/personal/mfranco_nova-fr_org/EZPaIwPkDApNno6rWIAO20YB4ByiRCAe_VGScx-2iiONBw?e=magUuY/___.YXAzOmVuLW1kYTphOm86ZDA4MDI5MGVhZTA1MzJiMWZlYTg0YjE1OWE2NmVhNjc6NjplYTNkOjc2NzNkYWE0NTMzNWVhMjkxM2VjMGU1NGMyNDY3ZjVhNmJhNjU0MTk1ZmRjMzUzM2QxODAyNDVjY2E1Y2M1ODY6aDpU | malicious | HTMLPhisher | 13.107.136.10
MICROSOFT-CORP-MSN-AS-BLOCKUS | wipOhNpHIG.exe | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT | 20.157.87.45
MICROSOFT-CORP-MSN-AS-BLOCKUS | 8OeyVwIM3t.exe | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT | 20.157.87.45
MICROSOFT-CORP-MSN-AS-BLOCKUS | f6pwu0HWXe.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | 20.157.87.45
MICROSOFT-CORP-MSN-AS-BLOCKUS | V9TdcUeNlV.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | 20.157.87.45

Context for the match a0e9f5d64349fb13191bc781f81f42e1 (JA3 client fingerprint):

Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | Gam.xls | malicious | Unknown | 13.107.246.41
a0e9f5d64349fb13191bc781f81f42e1 | szamla_sorszam_8472.xlsm | malicious | Unknown | 13.107.246.41
a0e9f5d64349fb13191bc781f81f42e1 | iPUk65i3yI.exe | malicious | LummaC | 13.107.246.41
a0e9f5d64349fb13191bc781f81f42e1 | asbpKOngY0.exe | malicious | LummaC | 13.107.246.41
a0e9f5d64349fb13191bc781f81f42e1 | VdwJB2cS5l.exe | malicious | Remcos, DBatLoader | 13.107.246.41
a0e9f5d64349fb13191bc781f81f42e1 | https://www.epa.gov/climateleadership/simplified-ghg-emissions-calculator | malicious | Unknown | 13.107.246.41
a0e9f5d64349fb13191bc781f81f42e1 | SecuriteInfo.com.Win32.RATX-gen.9491.24773.exe | malicious | Remcos, DBatLoader | 13.107.246.41
a0e9f5d64349fb13191bc781f81f42e1 | https://mota-engil.caf0sa.com/tiyamike.chikabadwa56078874fessdGl5YW1pa2UuY2hpa2FiYWR3YUBtb3RhLWVuZ2lsLnB097140964?5101245168264822=2215800694735574#dGl5YW1pa2UuY2hpa2FiYWR3YUBtb3RhLWVuZ2lsLnB0 | malicious | Unknown | 13.107.246.41
a0e9f5d64349fb13191bc781f81f42e1 | Purchase order.exe | malicious | Remcos, DBatLoader | 13.107.246.41
a0e9f5d64349fb13191bc781f81f42e1 | Quotation 20242204.exe | malicious | Remcos, DBatLoader | 13.107.246.41
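The context tables above make the practical point behind the "Excel Network Connections" signal: the only address EXCEL.EXE contacted, 13.107.246.41, is a shared Microsoft edge address that other reports tie to phishing pages and stealer samples, while the resolved name (part-0013.t-0009.t-msedge.net) is ordinary Office telemetry. A rule that allowlists the IP goes blind; one that allowlists the hostname keeps the signal. The following script is an added example, not code from the Joe Sandbox report or from the Sigma project: it evaluates such a rule over Sysmon Event ID 3 style records, with the allowlist keyed on hostname. The events, the suffix list and the verdict labels are constructed for the demonstration; the splwow64.exe child that Office spawns (its 32-bit print-driver host) is deliberately not an Office image and is ignored.

```python
"""Office-process outbound-connection rule over Sysmon Event ID 3 records,
with a hostname-keyed allowlist for Office telemetry.
Added example; not the report's or the Sigma project's code. The events in
run_demo() are constructed to mirror this report and are not captured logs."""
import ipaddress
from dataclasses import dataclass

OFFICE_IMAGES = ("\\excel.exe", "\\winword.exe", "\\powerpnt.exe", "\\outlook.exe", "\\msaccess.exe")

# Hostname suffixes Office contacts on its own (telemetry, config service, CDN).
# Keyed on the resolved hostname, never on the IP: 13.107.246.41 is a shared edge
# address that also fronts phishing content, so an IP allowlist would hide real hits.
BENIGN_HOST_SUFFIXES = (
    ".t-msedge.net",
    ".officeapps.live.com",
    ".events.data.microsoft.com",
    ".windowsupdate.com",
)

# RFC 1918, loopback and link-local; spelled out rather than using is_private,
# which also treats the documentation ranges (e.g. 203.0.113.0/24) as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class NetEvent:
    """Subset of the Sysmon Event ID 3 (network connection) fields the rule needs."""
    image: str
    initiated: bool
    dest_ip: str
    dest_port: int
    dest_host: str = ""  # DestinationHostname, or the name joined from a preceding DNS event


def is_local(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def is_office_outbound(ev: NetEvent) -> bool:
    """Core rule: an Office binary initiated a connection to a non-local address."""
    return ev.initiated and ev.image.lower().endswith(OFFICE_IMAGES) and not is_local(ev.dest_ip)


def classify(ev: NetEvent) -> str:
    """Return 'ignore', 'allowlisted', 'alert' or 'alert-high' for one event."""
    if not is_office_outbound(ev):
        return "ignore"
    if ev.dest_port == 443 and ev.dest_host.lower().endswith(BENIGN_HOST_SUFFIXES):
        return "allowlisted"
    if ev.dest_port not in (80, 443):
        return "alert-high"  # Office has no business on non-web ports
    return "alert"


def run_demo() -> list:
    """Constructed events (not captured logs); returns (label, verdict) pairs."""
    excel = r"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"
    events = [
        # the connection from this report, with the hostname resolved
        ("excel-telemetry", NetEvent(excel, True, "13.107.246.41", 443, "part-0013.t-0009.t-msedge.net")),
        # same IP without a resolved name: must still alert, the IP alone proves nothing
        ("excel-same-ip-no-name", NetEvent(excel, True, "13.107.246.41", 443)),
        ("excel-odd-port", NetEvent(excel, True, "203.0.113.10", 4444)),
        ("excel-lan-smb", NetEvent(excel, True, "192.168.2.1", 445)),  # out of scope for this rule
        ("splwow64", NetEvent(r"C:\Windows\splwow64.exe", True, "13.107.246.41", 443)),
        ("inbound", NetEvent(excel, False, "203.0.113.10", 443)),
    ]
    return [(label, classify(ev)) for label, ev in events]


if __name__ == "__main__":
    for label, verdict in run_demo():
        print(f"{label:24s} {verdict}")
```

The hostname has to come from somewhere: Sysmon fills DestinationHostname from reverse DNS, which is unreliable for CDN addresses, so in practice the name is joined from the Sysmon Event ID 22 (DNS query) record that precedes the connection in the same process.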
No context
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
Category:dropped
Size (bytes):4770
Entropy (8bit):7.946747821604857
Encrypted:false
SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA1:719C37C320F518AC168C86723724891950911CEA
SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
Malicious:false
Reputation:moderate, very likely benign file
Preview:MSCF............,...................O.................2Wqh .disallowedcert.stl....^K...CK.wTS...:.w.K'.C0T.....Bh.{....C.).*.....Y@...(..).R."E..D^6........u....|f~3...o.3. ..SPK.k.o#...."{-.U..P........:..aPr.@.d......Dy.h.....)..:...!./\A.....A<I_<$...q.h..........'.....7....H...@`T..K.S.%...Y4..R.....`.....-....D...(..b..-c."...G.=.dx..S+..2.a.E....d.L...77J...c.[..@..iT&..^78..g....NW6.Ek..FY.F........cNt.O.*..R....*......D...... k........J.y...z.d...;.9_t...].@....yw..}.x....d.t..`f\K..;|.*h.X...4/.;.xT......q>.0...<...3...X..L$.&.,b.....\V....\......G..O..@..H3.....t..J..).x.?.{[..G>.7...<...^Q..z..Gw9P..d....i].n%K}.*z..2.Py...A..s...z..@...4..........4.....*Y.d..._Z.5.s..fl.C..#.K{9^.E...k..z.Ma..G.(.....5g. ...}.t.#4....$;.,....S@fs....k......u .^2.#_...I........;.......w..P...UCY...$;.S._|.x..dK...[i..q..^.l..A.?.....'N.. .L.l......m.*.+f#]............A.;.....Z..rIt....RW....Kr1e=8.=.z:Oi.z.d..r..C_......o...]j.N;.s....3@3.dgrv.
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):338
Entropy (8bit):3.1667070084421374
Encrypted:false
SSDEEP:6:kK1MAN+SkQlPlEGYRMY9z+s3Ql2DUevat:akPlE99SCQl2DUevat
MD5:C2957B1407EC28B90B7BB006A4F7A49F
SHA1:3A085AA433BA9B7F8D3BC97C5F0979238EB632B7
SHA-256:1B31233FB124F897AE13567457034C36887BBA82EE5ADE49D248065521AA1419
SHA-512:0A37B0A9476A1072E4DA146312DF948F30687895D9D8618BDED958D2C9B11E9ACA3456A94D202E2965E3E1DA5D17ABADDE661AE10F47761029953A65B30FF260
Malicious:false
Reputation:low
Preview:p...... ..........` O...(....................................................... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):1536
Entropy (8bit):1.1464700112623651
Encrypted:false
SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
MD5:72F5C05B7EA8DD6059BF59F50B22DF33
SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
Malicious:false
Reputation:high, very likely benign file
Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
Reputation:high, very likely benign file
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):165
Entropy (8bit):1.5231029153786204
Encrypted:false
SSDEEP:3:sYp5lFltt:sYp5Nv
MD5:B77267835A6BEAC785C351BDE8E1A61C
SHA1:FABD93A92989535D43233E3DB9C6579D8174740E
SHA-256:3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3
SHA-512:FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033
Malicious:false
Reputation:moderate, very likely benign file
Preview:.user ..a.l.f.o.n.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
File type:Microsoft Excel 2007+
Entropy (8bit):6.915763201307942
TrID:
  • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
  • ZIP compressed archive (8000/1) 16.67%
File name:LISTADO HOTEL INCRESA 2024.xlsx
File size:10'697 bytes
MD5:413f836936871d6deee6d20d8df59b83
SHA1:34725dab71acedbc71b0de51fb33fc6ada52662d
SHA256:4daeb47e659fa0d20245d72f5eece978e63645cb03a7097805976e5dd8727a8d
SHA512:7f654f3187f5b4e456dc8fa8ed782aed3b04de0bf69510922b1b5dc90b694c79a835ffcde10380fab37b031c92fa428edc169f3f502e042b1016d4d7e00d2e34
SSDEEP:96:vWsh0i+OXNcLC30glP5UnuoMFWsCp2om28pbyI6JF5LDIcfRCeCiZC21buvxnwr3:ushwOXy+Lug1A2dpWIbcIbKInO7oqc7C
TLSH:18227C39E581312DDA37147CD40601E0E05929925F17649E78507A9D3F91AAB13EF3DF
File Content Preview:PK..........!.t6Z.z...........[Content_Types].xml ...(.........................................................................................................................................................................................................
Icon Hash:35e58a8c0c8a85b9
Document Type:OpenXML
Number of OLE Files:1
Has Summary Info:
Application Name:
Encrypted Document:False
Contains Word Document Stream:False
Contains Workbook/Book Stream:True
Contains PowerPoint Document Stream:False
Contains Visio Document Stream:False
Contains ObjectPool Stream:False
Flash Objects Count:0
Contains VBA Macros:False
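The static fields above (OpenXML, no VBA macros, a calcChain part inside the zip) come from inspecting the OOXML container rather than from running the document. The following script is an added example and is not part of the Joe Sandbox report; it performs the same container-level checks on any .xlsx/.xlsm and also flags Excel 4.0 macro sheets, embedded OLE objects and external-link parts, the three things a macro-free spreadsheet can still carry. The two workbooks it builds are constructed in memory for the demonstration and are not the analysed sample.

```python
"""Static triage of an OOXML spreadsheet: the container-level checks behind
'vbamacros', 'OLE zip file path' and 'Contains VBA Macros' in a sandbox report.
Added example, not part of the report; sample workbooks are constructed in memory."""
import io
import re
import zipfile

MACRO_PART = re.compile(r"^xl/vbaProject\.bin$", re.I)   # VBA project storage
XLM_PART = re.compile(r"^xl/macrosheets/", re.I)         # Excel 4.0 (XLM) macro sheets
EMBED_PART = re.compile(r"^xl/embeddings/", re.I)        # embedded OLE objects / packages
EXTLINK_PART = re.compile(r"^xl/externalLinks/", re.I)   # links to other workbooks or URLs
MACRO_CTYPE = "application/vnd.ms-excel.sheet.macroEnabled.main+xml"
PLAIN_CTYPE = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"


def triage_ooxml(data: bytes) -> dict:
    """Return static indicators for an OOXML spreadsheet given as raw bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        formulas = []
        for name in names:
            low = name.lower()
            if low.startswith("xl/worksheets/") and low.endswith(".xml"):
                sheet = zf.read(name).decode("utf-8", "replace")
                formulas.extend(re.findall(r"<f[^>]*>(.*?)</f>", sheet, re.S))
    return {
        "parts": len(names),
        "has_calcchain": "xl/calcChain.xml" in names,
        # either the binary part or a macro-enabled main content type means VBA is present
        "vba_macros": any(MACRO_PART.match(n) for n in names) or MACRO_CTYPE in ctypes,
        "xlm_macros": any(XLM_PART.match(n) for n in names),
        "embedded_ole": [n for n in names if EMBED_PART.match(n)],
        "external_links": [n for n in names if EXTLINK_PART.match(n)],
        "formula_count": len(formulas),
    }


def build_workbook(macro: bool = False) -> bytes:
    """Construct a minimal workbook in memory (test data, not the analysed file)."""
    main_ctype = MACRO_CTYPE if macro else PLAIN_CTYPE
    parts = {
        "[Content_Types].xml": (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            f'<Override PartName="/xl/workbook.xml" ContentType="{main_ctype}"/>'
            "</Types>"
        ),
        "xl/workbook.xml": '<workbook><sheets><sheet name="Sheet1" sheetId="1"/></sheets></workbook>',
        "xl/worksheets/sheet1.xml": (
            '<worksheet><sheetData><row r="1"><c r="A1"><f>SUM(B1:B2)</f><v>3</v></c></row>'
            "</sheetData></worksheet>"
        ),
        "xl/calcChain.xml": '<calcChain><c r="A1" i="1"/></calcChain>',
    }
    if macro:
        # OLE2 compound-file magic followed by padding; enough for a presence check
        parts["xl/vbaProject.bin"] = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    for label, wb in (("plain", build_workbook()), ("macro", build_workbook(macro=True))):
        print(label, triage_ooxml(wb))
```

To run it against a real file, pass `open(path, "rb").read()` to `triage_ooxml`. Note that calcChain.xml is a routine part of any workbook with formulas; its presence is informational, not a finding.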
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 23, 2024 09:24:28.590140104 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.590223074 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.590364933 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.590393066 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.590457916 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.590665102 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.590783119 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.590857029 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.590934038 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.590943098 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.591000080 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.591109991 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.591145039 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.591182947 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.591360092 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.591406107 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.591424942 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.591459036 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.591464043 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.591504097 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.591535091 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.591608047 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.591638088 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.591691017 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.591706991 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.930851936 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.930933952 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.932485104 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.932517052 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.932535887 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.932568073 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.932878971 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.933147907 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.933212996 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.933240891 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.933273077 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.933907986 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.934000969 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.934590101 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.934597015 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.934604883 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.934978962 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.936458111 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.936485052 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.936621904 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.936646938 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.937036991 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.937143087 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.938250065 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.938308001 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.938340902 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.938702106 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.938869953 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.940409899 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.941239119 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:28.976161003 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.980140924 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.984123945 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.984142065 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:28.984147072 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.139216900 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.139372110 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.139668941 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.140250921 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.140250921 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.140297890 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.140324116 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.148495913 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.148539066 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.149024010 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.149024010 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.149063110 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.151705980 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.151760101 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.151804924 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.151869059 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.151901960 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.151958942 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.151994944 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.152045965 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.152122021 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.152122021 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.152151108 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.152173042 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.161031008 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.161117077 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.161209106 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.161361933 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.161401987 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.178663015 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.178884983 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.179069996 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.179111004 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.179130077 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.179143906 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.179151058 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.186719894 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.186794996 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.186887026 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.187050104 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.187071085 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.279400110 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.279486895 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.279664993 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.279723883 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.279762983 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.279831886 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.279833078 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.279877901 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.279911995 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.279927969 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.287667036 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.287744999 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.287822008 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.287969112 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.288006067 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.291387081 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.291568995 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.291647911 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.291744947 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.291745901 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.291784048 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.291810989 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.298871994 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.298902035 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.299025059 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.299158096 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.299176931 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.474672079 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.475195885 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.475222111 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.476366997 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.476372957 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.486563921 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.487128973 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.487189054 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.487829924 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.487844944 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.519992113 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.520524025 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.520555973 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.521595001 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.521600962 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.621395111 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.622031927 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.622088909 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.623189926 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.623204947 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.625607014 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.625941038 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.625952959 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.626773119 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.626779079 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.683901072 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.684115887 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.684257030 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.684303999 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.684319019 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.684334040 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41
Apr 23, 2024 09:24:29.684340954 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5
Apr 23, 2024 09:24:29.731172085 CEST4434974013.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.731349945 CEST4434974013.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.731503010 CEST49740443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.731564999 CEST49740443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.731564999 CEST49740443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.731595039 CEST4434974013.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.731617928 CEST4434974013.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.740145922 CEST4434973913.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.740300894 CEST4434973913.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.740504980 CEST49739443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.740505934 CEST49739443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.740505934 CEST49739443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.878237009 CEST4434974113.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.878382921 CEST4434974113.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.878597975 CEST49741443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.878597975 CEST49741443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.878597975 CEST49741443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.983201027 CEST4434974213.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.983383894 CEST4434974213.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.983459949 CEST49742443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.983688116 CEST49742443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.983710051 CEST4434974213.107.246.41192.168.2.5
Apr 23, 2024 09:24:29.983732939 CEST49742443192.168.2.513.107.246.41
Apr 23, 2024 09:24:29.983741045 CEST4434974213.107.246.41192.168.2.5
Apr 23, 2024 09:24:30.046363115 CEST49739443192.168.2.513.107.246.41
Apr 23, 2024 09:24:30.046432972 CEST4434973913.107.246.41192.168.2.5
Apr 23, 2024 09:24:30.186875105 CEST49741443192.168.2.513.107.246.41
Apr 23, 2024 09:24:30.186939955 CEST4434974113.107.246.41192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 23, 2024 09:24:28.589131117 CEST | 1.1.1.1 | 192.168.2.5 | 0xa9f6 | No error (0) | shed.dual-low.part-0013.t-0009.t-msedge.net | part-0013.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 09:24:28.589131117 CEST | 1.1.1.1 | 192.168.2.5 | 0xa9f6 | No error (0) | part-0013.t-0009.t-msedge.net | | 13.107.246.41 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:24:28.589131117 CEST | 1.1.1.1 | 192.168.2.5 | 0xa9f6 | No error (0) | part-0013.t-0009.t-msedge.net | | 13.107.213.41 | A (IP address) | IN (0x0001) | false
  • otelrules.azureedge.net
Session ID: 0 | Source IP: 192.168.2.5 | Source Port: 49733 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:28 UTC | 206 bytes | OUT
GET /rules/rule63067v4s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 584 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 2871
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:05 GMT
ETag: "0x8DC582BEC5E84E0"
x-ms-request-id: c8e678c6-c01e-0047-5d45-95d7e7000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f56cb894fsdl45k3m180w6b000000000bg000000004nru
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 2871 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="63067" V="4" DC="SM" EN="Office.Identity.SspiPromptWin32" ATT="5c65bbc4edbf480d9637ace04d62bd98-12844893-8ab9-4dde-b850-5612cb12e0f2-7822" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <S>


Session ID: 1 | Source IP: 192.168.2.5 | Source Port: 49737 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:28 UTC | 207 bytes | OUT
GET /rules/rule324002v5s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 471 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 833
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:33 GMT
ETag: "0x8DC582BD9758B35"
x-ms-request-id: 02964dcc-e01e-003d-324f-952bf2000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f56cb894fdm9r7z8wfs1qqw000000000mg000000002g51
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_MISS
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 833 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="324002" V="5" DC="SM" EN="Office.Extensibility.VbaTelemetryDeclare" ATT="db334b301e7b474db5e0f02f07c51a47-a1b5bc36-1bbe-482f-a64a-c2d9cb606706-7439" DCa="DC PSP PSU" xmlns=""> <S> <UTS T="1" Id="b0


Session ID: 2 | Source IP: 192.168.2.5 | Source Port: 49734 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:28 UTC | 208 bytes | OUT
GET /rules/rule170012v10s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 564 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 1523
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:33 GMT
ETag: "0x8DC582BD969CD29"
x-ms-request-id: f306c01d-001e-001f-1a4f-95ecc5000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f7b4795d4pfbdj6q9eu17xg400000004w0000000002wa4
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_MISS
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 1523 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="170012" V="10" DC="SM" EN="Office.Graphics.GVizInkStroke" ATT="cfcfdb91c68c4329bb8b7cb7babb3cf7-e082c2f2-ef1d-427a-ac4d-b0b700afe7a7-7655" SP="CriticalBusinessImpact" DCa="PSU" xmlns=""> <S> <UTS T


Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49735 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:28 UTC | 207 bytes | OUT
GET /rules/rule324001v4s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 491 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 513
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:31 GMT
ETag: "0x8DC582BD84BDCC1"
x-ms-request-id: 03b554e6-a01e-0051-6ab9-949dc9000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f7b4795d4jwb2qfy3gcz4vrn00000004w0000000000a78
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 513 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="324001" V="4" DC="SM" EN="Office.Extensibility.VbaTelemetryProjectLoad" ATT="db334b301e7b474db5e0f02f07c51a47-a1b5bc36-1bbe-482f-a64a-c2d9cb606706-7439" SP="CriticalBusinessImpact" DCa="DC PSP PSU" xmlns="


Session ID: 4 | Source IP: 192.168.2.5 | Source Port: 49736 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:28 UTC | 207 bytes | OUT
GET /rules/rule490016v3s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 471 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 777
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:04 GMT
ETag: "0x8DC582BEC2AAB32"
x-ms-request-id: 8ed96f75-001e-0033-0c4f-9589ef000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f7b4795d4dkx64a5thx68dz400000004h0000000000udh
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_MISS
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 777 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="490016" V="3" DC="SM" EN="Office.Feedback.Survey.FloodgateClient.RoamingSuccessfulReadWrite" ATT="d79e824386c4441cb8c1d4ae15690526-bd443309-5494-444a-aba9-0af9eef99f84-7360" T="Upload-Medium" DL="N" DCa="P


Session ID: 5 | Source IP: 192.168.2.5 | Source Port: 49738 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:29 UTC | 207 bytes | OUT
GET /rules/rule324003v5s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 470 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 716
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:34 GMT
ETag: "0x8DC582BD9F5CC0A"
x-ms-request-id: fa7dcd29-901e-005a-25ac-94b8de000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f7b4795d4zv6vn3f4pau5h6400000004n00000000012p0
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 716 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="324003" V="5" DC="SM" EN="Office.Extensibility.VbaTelemetryReferencedLibrary" ATT="db334b301e7b474db5e0f02f07c51a47-a1b5bc36-1bbe-482f-a64a-c2d9cb606706-7439" DCa="DC PSP PSU" xmlns=""> <S> <UTS T=


Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49739 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:29 UTC | 207 bytes | OUT
GET /rules/rule324004v4s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 471 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 738
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:34 GMT
ETag: "0x8DC582BD9FE7D4B"
x-ms-request-id: e6273d11-a01e-0015-0a4f-95e2d0000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f56cb894fcps2fa8agb63e8w0000000090000000004p4t
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_MISS
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 738 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="324004" V="4" DC="SM" EN="Office.Extensibility.VbaTelemetryComObjectInstantiated" ATT="db334b301e7b474db5e0f02f07c51a47-a1b5bc36-1bbe-482f-a64a-c2d9cb606706-7439" DCa="DC PSP PSU" xmlns=""> <S> <UT


Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49740 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:29 UTC | 207 bytes | OUT
GET /rules/rule324005v2s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 491 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 599
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:51 GMT
ETag: "0x8DC582BC0B3C3C8"
x-ms-request-id: b69700b7-101e-0082-79b7-94d4a9000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f7b4795d4t6fpdb76n9x7c1400000005c0000000002zc1
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 599 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="324005" V="2" DC="SM" EN="Office.Extensibility.VbaTelemetryCompile" ATT="db334b301e7b474db5e0f02f07c51a47-a1b5bc36-1bbe-482f-a64a-c2d9cb606706-7439" SP="CriticalBusinessImpact" DCa="DC PSP PSU" xmlns="">


Session ID: 8 | Source IP: 192.168.2.5 | Source Port: 49741 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:29 UTC | 207 bytes | OUT
GET /rules/rule324006v2s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 471 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 599
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:44 GMT
ETag: "0x8DC582BBC83D642"
x-ms-request-id: 75ca08d0-c01e-00ab-1b4f-953689000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f56cb894fx9zr8vpqekagkqw00000000gg00000000ak3s
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_MISS
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 599 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="324006" V="2" DC="SM" EN="Office.Extensibility.VbaTelemetryShowIde" ATT="db334b301e7b474db5e0f02f07c51a47-a1b5bc36-1bbe-482f-a64a-c2d9cb606706-7439" SP="CriticalBusinessImpact" DCa="DC PSP PSU" xmlns="">


Session ID: 9 | Source IP: 192.168.2.5 | Source Port: 49742 | Destination IP: 13.107.246.41 | Destination Port: 443 | PID: 2180 | Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2024-04-23 07:24:29 UTC | 207 bytes | OUT
GET /rules/rule324007v2s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-04-23 07:24:29 UTC | 471 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:24:29 GMT
Content-Type: text/xml
Content-Length: 611
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:50 GMT
ETag: "0x8DC582BBFB58BC6"
x-ms-request-id: afc3c1f2-501e-00aa-784f-951d8b000000
x-ms-version: 2018-03-28
x-azure-ref: 20240423T072429Z-16f7b4795d4dkx64a5thx68dz400000004cg000000002pm0
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_MISS
Accept-Ranges: bytes
2024-04-23 07:24:29 UTC | 611 bytes | IN
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="324007" V="2" DC="SM" EN="Office.Extensibility.VbaTelemetryIdeMacroRun" ATT="db334b301e7b474db5e0f02f07c51a47-a1b5bc36-1bbe-482f-a64a-c2d9cb606706-7439" SP="CriticalBusinessImpact" DCa="DC PSP PSU" xmlns="


Target ID:0
Start time:09:23:19
Start date:23/04/2024
Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Imagebase:0xbc0000
File size:53'161'064 bytes
MD5 hash:4A871771235598812032C822E6F68F19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:7
Start time:09:24:23
Start date:23/04/2024
Path:C:\Windows\splwow64.exe
Wow64 process (32bit):false
Commandline:C:\Windows\splwow64.exe 12288
Imagebase:0x7ff614c60000
File size:163'840 bytes
MD5 hash:77DE7761B037061C7C112FD3C5B91E73
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

No disassembly