Windows Analysis Report
Salary 2025- workers-v1.xls

Overview

General Information

Sample name: Salary 2025- workers-v1.xls
Analysis ID: 1559179
MD5: db0d2d8342343528bb33649e91bb6f3d
SHA1: 7e00d44d5b05912a2e42c5408fefed8396710b24
SHA256: abd87359790b24e8ac8464d3af8688b08248ca84c14dd97f1b6f33e8c297a3b8

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic

Classification

AV Detection

Source: Salary 2025- workers-v1.xls Avira: detected
Source: Salary 2025- workers-v1.xls Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown HTTPS traffic detected: 13.107.246.42:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49717 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 192.168.2.16:49716 -> 13.107.246.42:443
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49716
Source: global traffic TCP traffic: 13.107.246.42:443 -> 192.168.2.16:49717
Source: excel.exe Memory has grown: Private usage: 1MB later: 130MB
Source: Joe Sandbox View IP Address: 13.107.246.42 13.107.246.42
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49716 -> 13.107.246.42:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49717 -> 13.107.246.42:443
Source: global traffic HTTP traffic detected:
  GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
  Connection: Keep-Alive
  Accept-Encoding: gzip
  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
  Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected:
  GET /rules/rule120603v8s19.xml HTTP/1.1
  Connection: Keep-Alive
  Accept-Encoding: gzip
  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
  Host: otelrules.azureedge.net
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: Salary 2025- workers-v1.xls OLE, VBA macro line: Sub Auto_Open()
Source: mypersonnel.xls.0.dr OLE, VBA macro line: Sub Auto_Open()
Source: Salary 2025- workers-v1.xls OLE indicator, VBA macros: true
Source: mypersonnel.xls.0.dr OLE indicator, VBA macros: true
Source: ~DF7F1A492639213F2D.TMP.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engine Classification label: mal52.winXLS@3/4@0/1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\mypersonnel.xls
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\{81270C32-B525-47BE-A881-FD16D640CB32} - OProcSessId.dat
Source: Salary 2025- workers-v1.xls OLE indicator, Workbook stream: true
Source: mypersonnel.xls.0.dr OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Salary 2025- workers-v1.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: ~DF7F1A492639213F2D.TMP.0.dr Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 429
Source: C:\Windows\splwow64.exe Last function: Thread delayed
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information queried: ProcessInformation