Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MissingInvoices.xls

Overview

General Information

Sample name:MissingInvoices.xls
Analysis ID:1541130
MD5:9756ba64da784ff1e1fa8844c89d72c0
SHA1:d5a0e6dd911e37c9f5c0eeca310e9850fb8f1e0c
SHA256:6ea5375726cf3ecf59dddf9e3b2a83384158adb17fb9550c67af8e2bddb8330d
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Document misses a certain OLE stream usually present in this Microsoft Office document type
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections

Classification

Process Tree

  • System is w10x64_ra
  • EXCEL.EXE (PID: 6896 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\MissingInvoices.xls" MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 6824 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Excel Network Connections
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 13.107.253.45, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6896, Protocol: tcp, SourceIp: 192.168.2.17, SourceIsIpv6: false, SourcePort: 49723
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.17, DestinationIsIpv6: false, DestinationPort: 49723, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6896, Protocol: tcp, SourceIp: 13.107.253.45, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknownHTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49723 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49723
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: global trafficTCP traffic: 192.168.2.17:49724 -> 13.107.253.45:443
Source: global trafficTCP traffic: 13.107.253.45:443 -> 192.168.2.17:49724
Source: excel.exeMemory has grown: Private usage: 1MB later: 73MB
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownHTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: MissingInvoices.xlsOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engineClassification label: clean2.winXLS@3/4@0/70
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{DD13961B-67FA-4DCB-BACA-B9FF13AE3FF6} - OProcSessId.dat
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.ini
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\MissingInvoices.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: MissingInvoices.xlsInitial sample: OLE indicators vbamacros = False
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Virtualization/Sandbox Evasion		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Extra Window Memory Injection		1
Process Injection		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Extra Window Memory Injection		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS2
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
s-part-0017.t-0009.fb-t-msedge.net
13.107.253.45
truefalse
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    52.113.194.132
    		unknownUnited States
    		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
    52.109.68.129
    		unknownUnited States
    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
    93.184.221.240
    		unknownEuropean Union
    		15133EDGECASTUSfalse
    13.89.179.13
    		unknownUnited States
    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
    52.109.28.46
    		unknownUnited States
    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
    13.107.253.45
    		s-part-0017.t-0009.fb-t-msedge.netUnited States
    		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
    184.28.90.27
    		unknownUnited States
    		16625AKAMAI-ASUSfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1541130
    Start date and time:2024-10-24 13:41:03 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:17
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:MissingInvoices.xls
    Detection:CLEAN
    Classification:clean2.winXLS@3/4@0/70
    Cookbook Comments:
    • Found application associated with file extension: .xls

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe
    • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.109.68.129, 52.113.194.132, 184.28.90.27, 93.184.221.240
    • Excluded domains from analysis (whitelisted): eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, ecs.office.com, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtCreateKey calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • VT rate limit hit for: MissingInvoices.xls

    LLM Input / Output

    InputOutput
    URL: Office document Model: claude-3-haiku-20240307
    ```json
{
  "contains_trigger_text": true,
  "trigger_text": "R = Reissued Invoid O = Others",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
    URL: Office document Model: claude-3-haiku-20240307
    ```json
{
  "brands": [
    "Hitachi Energy"
  ]
}

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    File Type:data
    Category:dropped
    Size (bytes):338
    Entropy (8bit):3.445929325402039
    Encrypted:false
    SSDEEP:
    MD5:68B84DF0AB9DABC14DAF7EADB816E6E9
    SHA1:FF3CC4CCC29D755C12B60FCC14D5FE9223306295
    SHA-256:B56B80691D2F7F6E495D8F512940C4AD3BEACFACF64E22EF12043E91BA659E58
    SHA-512:7B484763A9E30D07D1F3104DDBD08C96C9322A81F4E574784DEB9DFB3F15E10E2373F9238E725AB1A53C38AB0200E0F68CCD66AF56A6EA66EFA9797C3F2A691E
    Malicious:false
    Reputation:unknown
    Preview:p...... ........&/...&..(...............................................B:.VZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

    C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt (copy)

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E7B95B7F3F1401DD8786963C91C74FF1
    SHA1:490735B94C9F702ECDDD41845FEA25B5A3D1CAFD
    SHA-256:07E2EB1908245939906E837A7CA8A3CFE8627CE881291D1A77292F806AE8D043
    SHA-512:CB204E2BCBFF0E8DF9E32B6AAFB3505C9F15FBA64135CD15CE6140144EDCD715C6F10DEB8F762C71DE60DDFC6E13C0DB85CA7907CBEC504557214E4619B065BF
    Malicious:false
    Reputation:unknown
    Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.3.0.0.4.9.2.6.8.,.3.7.4.6.2.5.9.,.1.2.2.3.4.3.4.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.1.0.0.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.8.7.4.7.0.1.5.3.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.3.7.4.6.3.7.9.,.

    C:\Users\user\AppData\Local\Temp\BB9395ED.tmp

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    File Type:data
    Category:dropped
    Size (bytes):860
    Entropy (8bit):2.7137153092998956
    Encrypted:false
    SSDEEP:
    MD5:E7B95B7F3F1401DD8786963C91C74FF1
    SHA1:490735B94C9F702ECDDD41845FEA25B5A3D1CAFD
    SHA-256:07E2EB1908245939906E837A7CA8A3CFE8627CE881291D1A77292F806AE8D043
    SHA-512:CB204E2BCBFF0E8DF9E32B6AAFB3505C9F15FBA64135CD15CE6140144EDCD715C6F10DEB8F762C71DE60DDFC6E13C0DB85CA7907CBEC504557214E4619B065BF
    Malicious:false
    Reputation:unknown
    Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.3.0.0.4.9.2.6.8.,.3.7.4.6.2.5.9.,.1.2.2.3.4.3.4.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.1.0.0.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.8.7.4.7.0.1.5.3.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.3.7.4.6.3.7.9.,.

    C:\Users\user\AppData\Local\Temp\~DFCC0187D67FCC573A.TMP

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    File Type:data
    Category:dropped
    Size (bytes):24576
    Entropy (8bit):2.055870471456177
    Encrypted:false
    SSDEEP:
    MD5:CFF913ACFAB31C281D8FE592379AB983
    SHA1:4E19DD739CA9606DDE9CC7F021AD1D9E6745A1DF
    SHA-256:AE154B0169C839F7C894E4DE54E617B38F90855C4C831BAAA24DF7866586EB79
    SHA-512:B94791264F3791212262D6DABC79D5C5CADAD28481254A153BF4AFC5ECA9CB8B1236825D3995D07B125F02C4E15C8F45091881075F5499254BCEBBFC621743A2
    Malicious:false
    Reputation:unknown
    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\Desktop\MissingInvoices.xls

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    File Type:CDFV2 Microsoft Excel
    Category:dropped
    Size (bytes):13824
    Entropy (8bit):3.6097549185006668
    Encrypted:false
    SSDEEP:
    MD5:B040358191F9833B2B3E7CCD88198DD8
    SHA1:FDDD2FD0A4C9AFD6D5AA9F2CDAEDB8D9D34C5F2D
    SHA-256:4CF40A4C4281A188C83D2C63319E8E9BAE2369CEFCDF03CBEDAF9AB658F9B88F
    SHA-512:8514600CE44A335A1F5FC26FFD54320688EE2D55CD20C0ACCBC5091DB964FC43E4F5C3BD0DE9FCFD2CC8389F5F34D4A2AE20A8F997DB0B1AE3B153EB5706B2E6
    Malicious:false
    Reputation:unknown
    Preview:......................>...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................\.p....usersheetGear 8.1.26.102 B.....a.................................=.....<..F.&8.......X.@...........".......................1...................Calibri1...................Calibri1...................Calibri1...................Calibri1...................Calibri1...................Calibri1.......6...........Calibri1...................Calibri1.......>...........Calibri1..........

    Static File Info

    General

    File type:CDFV2 Microsoft Excel
    Entropy (8bit):3.604322627505621
    TrID:
    • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
    File name:MissingInvoices.xls
    File size:13'824 bytes
    MD5:9756ba64da784ff1e1fa8844c89d72c0
    SHA1:d5a0e6dd911e37c9f5c0eeca310e9850fb8f1e0c
    SHA256:6ea5375726cf3ecf59dddf9e3b2a83384158adb17fb9550c67af8e2bddb8330d
    SHA512:ef128a6a363c25d2aff8a8fb7971cd9897c03172e0d44cb3467c64b80344744c88347fdb6e1398bc951af97e4b92520848c37717d11cf08de007d810879d3e74
    SSDEEP:192:rlSUb43AgdLSUXwnNsSqJOJFHSpw+6z4sAMlAFqSUIBF9j:RSw0kJF3PSNBH
    TLSH:A852699BFAA58D4ACA25033984B65330A767FC119BF3834B5649F34616F1DD0C903B1B
    File Content Preview:........................>......................................................................................................................................................................................................................................

    File Icon

    Icon Hash:35ed8e920e8c81b5

    Static OLE Info

    General

    Document Type:OLE
    Number of OLE Files:1

    OLE File "MissingInvoices.xls"

    Indicators
    Has Summary Info:
    Application Name:None
    Encrypted Document:False
    Contains Word Document Stream:False
    Contains Workbook/Book Stream:False
    Contains PowerPoint Document Stream:False
    Contains Visio Document Stream:False
    Contains ObjectPool Stream:False
    Flash Objects Count:0
    Contains VBA Macros:False

    Streams

    Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 11802
    General
    Stream Path:Workbook
    CLSID:
    File Type:Applesoft BASIC program data, first line number 16
    Stream Size:11802
    Entropy:3.7204446907492117
    Base64 Encoded:True
    Data ASCII:. . . . . . . . . . . . . . . . . \\ . p . . . . S p r e a d s h e e t G e a r 8 . 1 . 2 6 . 1 0 2 B . . . . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . < . F & 8 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . . C a l i b r i 1 . . . . . . . . .
    Data Raw:09 08 10 00 00 06 05 00 a9 1f cd 07 c9 00 01 00 06 04 00 00 5c 00 70 00 1a 00 00 53 70 72 65 61 64 73 68 65 65 74 47 65 61 72 20 38 2e 31 2e 32 36 2e 31 30 32 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20