Windows Analysis Report
MissingInvoices.xls

Overview

General Information

Sample name:	MissingInvoices.xls
Analysis ID:	1541130
MD5:	9756ba64da784ff1e1fa8844c89d72c0
SHA1:	d5a0e6dd911e37c9f5c0eeca310e9850fb8f1e0c
SHA256:	6ea5375726cf3ecf59dddf9e3b2a83384158adb17fb9550c67af8e2bddb8330d
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Document misses a certain OLE stream usually present in this Microsoft Office document type

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Sigma detected: Excel Network Connections

Sigma detected: Suspicious Office Outbound Connections

Classification

Signatures

Source: unknown

HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.17:49723 version: TLS 1.2

Potential document exploit detected (performs HTTP gets)

Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443

Potential document exploit detected (unknown TCP traffic)

Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724

Source: excel.exe

Memory has grown: Private usage: 1MB later: 73MB

Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown

HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.17:49723 version: TLS 1.2

Document misses a certain OLE stream usually present in this Microsoft Office document type

Source: MissingInvoices.xls

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: clean2.winXLS@3/4@0/70

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{DD13961B-67FA-4DCB-BACA-B9FF13AE3FF6} - OProcSessId.dat

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\MissingInvoices.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: MissingInvoices.xls

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX

Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.113.194.132	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.68.129	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
93.184.221.240	unknown	European Union	15133	EDGECASTUS	false
13.89.179.13	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.28.46	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.253.45	s-part-0017.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
184.28.90.27	unknown	United States	16625	AKAMAI-ASUS	false

Contacted Domains

Name	IP	Active
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	data	68B84DF0AB9DABC14DAF7EADB816E6E9	FF3CC4CCC29D755C12B60FCC14D5FE9223306295	B56B80691D2F7F6E495D8F512940C4AD3BEACFACF64E22EF12043E91BA659E58
C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt (copy)	data	E7B95B7F3F1401DD8786963C91C74FF1	490735B94C9F702ECDDD41845FEA25B5A3D1CAFD	07E2EB1908245939906E837A7CA8A3CFE8627CE881291D1A77292F806AE8D043
C:\Users\user\AppData\Local\Temp\BB9395ED.tmp	data	E7B95B7F3F1401DD8786963C91C74FF1	490735B94C9F702ECDDD41845FEA25B5A3D1CAFD	07E2EB1908245939906E837A7CA8A3CFE8627CE881291D1A77292F806AE8D043
C:\Users\user\AppData\Local\Temp\~DFCC0187D67FCC573A.TMP	data	CFF913ACFAB31C281D8FE592379AB983	4E19DD739CA9606DDE9CC7F021AD1D9E6745A1DF	AE154B0169C839F7C894E4DE54E617B38F90855C4C831BAAA24DF7866586EB79
C:\Users\user\Desktop\MissingInvoices.xls	CDFV2 Microsoft Excel	B040358191F9833B2B3E7CCD88198DD8	FDDD2FD0A4C9AFD6D5AA9F2CDAEDB8D9D34C5F2D	4CF40A4C4281A188C83D2C63319E8E9BAE2369CEFCDF03CBEDAF9AB658F9B88F

Source: unknown

HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.17:49723 version: TLS 1.2

Potential document exploit detected (performs HTTP gets)

Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443

Potential document exploit detected (unknown TCP traffic)

Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global traffic	TCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global traffic	TCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724

Source: excel.exe

Memory has grown: Private usage: 1MB later: 73MB

Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown

HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.17:49723 version: TLS 1.2

Document misses a certain OLE stream usually present in this Microsoft Office document type

Source: MissingInvoices.xls

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: clean2.winXLS@3/4@0/70

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{DD13961B-67FA-4DCB-BACA-B9FF13AE3FF6} - OProcSessId.dat

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\MissingInvoices.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: MissingInvoices.xls

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX

Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

ID:	1541130
Product:	CloudBasic
Start time:	13:41:03
Start date:	24.10.2024
Sample:	MissingInvoices.xls
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	9756ba64da784ff1e1fa8844c89d72c0
SHA1:	d5a0e6dd911e37c9f5c0eeca310e9850fb8f1e0c
SHA256:	6ea5375726cf3ecf59dddf9e3b2a83384158adb17fb9550c67af8e2bddb8330d
Filetype:	Generic OLE2 / Multistream Compound File (8008/1) 100.00%

Windows Analysis Report
MissingInvoices.xls

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report MissingInvoices.xls

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
MissingInvoices.xls