Windows Analysis Report
dok PZ 2025-03-11_142242 fin_Orygina#U0142.xls

Overview

General Information

Sample name: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xls
renamed because original name is a hash value
Original sample name: dok PZ 2025-03-11_142242 fin_Orygina.xls
Analysis ID: 1636908
MD5: 900f1300d90bfa52a3ed722e1bec268d
SHA1: e7a5ef718f29754aa28995ba3cf9dc911b269ae6
SHA256: f451fda960cfea8177fddecc8937408f9c9e916f3843d7094da36e76fbe94062
Tags: xls, user-lowmal3

Detection

Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious Microsoft Office Child Process
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • EXCEL.EXE (PID: 1224 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • mshta.exe (PID: 2196 cmdline: C:\Windows\SysWOW64\mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • splwow64.exe (PID: 4336 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 6532 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\dok PZ 2025-03-11_142242 fin_Orygina#U0142.xls" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started; Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io; Data: Command: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 1224, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, ProcessId: 2196, ProcessName: mshta.exe
Source: Network Connection; Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton; Data: DestinationIp: 3.39.89.152, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1224, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49723
Source: Network Connection; Author: X__Junior (Nextron Systems); Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49723, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1224, Protocol: tcp, SourceIp: 3.39.89.152, SourceIsIpv6: false, SourcePort: 443

Timestamp                        SID      Severity  Classtype        Source IP    Source Port  Destination IP  Destination Port  Protocol
2025-03-13T08:58:27.313598+0100  2028371  3         Unknown Traffic  192.168.2.5  49725        13.107.253.67   443               TCP
2025-03-13T08:58:37.044337+0100  2028371  3         Unknown Traffic  192.168.2.5  49726        13.107.253.67   443               TCP
2025-03-13T08:58:37.066110+0100  2028371  3         Unknown Traffic  192.168.2.5  49727        13.107.253.67   443               TCP

AV Detection

Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xls; Avira: detected
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xls; Virustotal: Detection: 38%
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xls; ReversingLabs: Detection: 31%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown; HTTPS traffic detected: 3.39.89.152:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.253.67:443 -> 192.168.2.5:49725 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process created: C:\Windows\SysWOW64\mshta.exe
Source: global traffic; DNS query: name: link.saja.market
Source: global traffic; DNS query: name: otelrules.svc.static.microsoft
Source: global traffic; TCP traffic: 192.168.2.5:49723 -> 3.39.89.152:443
Source: global traffic; TCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global traffic; TCP traffic: 192.168.2.5:49726 -> 13.107.253.67:443
Source: global traffic; TCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: global traffic; TCP traffic: 192.168.2.5:49724 -> 23.95.235.28:80
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49725 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49725
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 13.107.253.67:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 13.107.253.67:443
Source: excel.exe Memory has grown: Private usage: 1MB later: 87MB
Source: Joe Sandbox View IP Address: 23.95.235.28 23.95.235.28
Source: Joe Sandbox View IP Address: 3.39.89.152 3.39.89.152
Source: Joe Sandbox View IP Address: 13.107.253.67 13.107.253.67
Source: Joe Sandbox View JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49725 -> 13.107.253.67:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49727 -> 13.107.253.67:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49726 -> 13.107.253.67:443
Source: global traffic HTTP traffic detected: GET /zJ1T1tts2G?&source=inconclusive&shoehorn=squealing&lounge HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Host: link.saja.market
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xampp/rsc/rc/efs.hta HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Connection: Keep-Alive
  Host: 23.95.235.28
Source: unknown TCP traffic detected without corresponding DNS query: 23.95.235.28
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
  Connection: Keep-Alive
  Accept-Encoding: gzip
  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
  Host: otelrules.svc.static.microsoft
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1
  Connection: Keep-Alive
  Accept-Encoding: gzip
  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
  Host: otelrules.svc.static.microsoft
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1
  Connection: Keep-Alive
  Accept-Encoding: gzip
  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
  Host: otelrules.svc.static.microsoft
Source: global trafficDNS traffic detected: DNS query: link.saja.market
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xls, CF430000.0.drString found in binary or memory: https://link.saja.market/zJ1T1tts2G?&source=inconclusive&shoehorn=squealing&loungeW
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownHTTPS traffic detected: 3.39.89.152:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.253.67:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engineClassification label: mal64.expl.winXLS@6/8@2/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\CF430000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{7BAA8115-B106-4FA9-B7AC-0D5882BF2589} - OProcSessId.dat
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xlsOLE indicator, Workbook stream: true
Source: CF430000.0.drOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xlsVirustotal: Detection: 38%
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xlsReversingLabs: Detection: 31%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\dok PZ 2025-03-11_142242 fin_Orygina#U0142.xls"
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: c2r32.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mshtml.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: powrprof.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: umpdc.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msiso.dll
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xlsInitial sample: OLE indicators vbamacros = False
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xlsInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xlsStream path 'MBD003A8B8C/Workbook' entropy: 7.99789420029 (max. 8.0)
Source: dok PZ 2025-03-11_142242 fin_Orygina#U0142.xlsStream path 'Workbook' entropy: 7.9985972964 (max. 8.0)
Source: CF430000.0.drStream path 'MBD003A8B8C/Workbook' entropy: 7.99790629518 (max. 8.0)
Source: CF430000.0.drStream path 'Workbook' entropy: 7.94603914004 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 799
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 13 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
