Edit tour

Windows Analysis Report
SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

Overview

General Information

Sample name:	SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx
Analysis ID:	1638863
MD5:	eb2fe858feaa4595e7bdb0949926a5dc
SHA1:	a0369d920034af28bdf51149f2b194636f790f1e
SHA256:	f89ff3565fa711b9a69c2c1196906e0839c49becae858af259e8ed1892bf6d9b
Tags:	xlsxuser-SecuriteInfoCom
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected non-DNS traffic on DNS port

Document embeds suspicious OLE2 link

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Excel Network Connections

Sigma detected: Suspicious Office Outbound Connections

Suricata IDS alerts with low severity for network traffic

Unable to load, office file is protected or invalid

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

EXCEL.EXE (PID: 6740 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)

splwow64.exe (PID: 3876 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)

EXCEL.EXE (PID: 2768 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx" MD5: 4A871771235598812032C822E6F68F19)

cleanup

Sigma Signatures

Sigma detected: Excel Network Connections

Source: Network Connection

Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 3.39.153.44, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6740, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 55792

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.7, DestinationIsIpv6: false, DestinationPort: 55792, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6740, Protocol: tcp, SourceIp: 3.39.153.44, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-14T21:47:32.428214+0100	2028371	3	Unknown Traffic	192.168.2.7	55794	13.107.253.72	443	TCP
2025-03-14T21:47:38.475635+0100	2028371	3	Unknown Traffic	192.168.2.7	55795	13.107.253.72	443	TCP
2025-03-14T21:47:38.476867+0100	2028371	3	Unknown Traffic	192.168.2.7	55796	13.107.253.72	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

Avira: detected

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx	Virustotal: Detection: 27%			Perma Link
Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx	ReversingLabs: Detection: 25%

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 3.39.153.44:443 -> 192.168.2.7:55792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.7:55794 version: TLS 1.2

Source: global traffic	DNS query: name: link.saja.market
Source: global traffic	DNS query: name: otelrules.svc.static.microsoft

Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443

Source: global traffic	TCP traffic: 192.168.2.7:61248 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.7:61248
Source: global traffic	TCP traffic: 192.168.2.7:61248 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.7:61248 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.7:61248
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.7:61248
Source: global traffic	TCP traffic: 192.168.2.7:61248 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.7:61248
Source: global traffic	TCP traffic: 192.168.2.7:61248 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.7:55785 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.7:55785
Source: global traffic	TCP traffic: 192.168.2.7:55785 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.7:55785
Source: global traffic	TCP traffic: 192.168.2.7:55785 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 1.1.1.1:53 -> 192.168.2.7:55785
Source: global traffic	TCP traffic: 192.168.2.7:55785 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55792
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55792
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55792
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55792
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55792
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55792
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55792
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55792
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55792 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55792
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55793
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55793
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55793
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55793
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55793
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55793
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55793
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55793
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 3.39.153.44:443 -> 192.168.2.7:55793
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55793 -> 3.39.153.44:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55794 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55794
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55796
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55796
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55796
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55796
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55796
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 192.168.2.7:55795 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55795
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55796
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55796
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55796
Source: global traffic	TCP traffic: 192.168.2.7:55796 -> 13.107.253.72:443
Source: global traffic	TCP traffic: 13.107.253.72:443 -> 192.168.2.7:55796

Source: excel.exe

Memory has grown: Private usage: 2MB later: 130MB

Source: global traffic	TCP traffic: 192.168.2.7:61248 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.7:55785 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 13.107.253.72 13.107.253.72
Source: Joe Sandbox View	IP Address: 3.39.153.44 3.39.153.44

Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:55794 -> 13.107.253.72:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:55795 -> 13.107.253.72:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:55796 -> 13.107.253.72:443

Source: global traffic	HTTP traffic detected: GET /5SYl9lmtEm?&boat-building=brave&invite=womanly&fairy=tan&surprise HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: link.saja.marketConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /404 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: link.saja.marketConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /5SYl9lmtEm?&boat-building=brave&invite=womanly&fairy=tan&surprise HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: link.saja.marketConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /404 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: link.saja.marketConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft

Source: global traffic	DNS traffic detected: DNS query: link.saja.market
Source: global traffic	DNS traffic detected: DNS query: otelrules.svc.static.microsoft

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Mar 2025 20:47:24 GMTContent-Type: text/html; charset=utf-8Content-Length: 4645Connection: closex-dns-prefetch-control: offx-frame-options: SAMEORIGINstrict-transport-security: max-age=15552000; includeSubDomainsx-download-options: noopenx-content-type-options: nosniffx-xss-protection: 1; mode=blockx-powered-by: Next.jsetag: "1225-W2Ao8CtLz4X2brSH9KxQ4GHunnc"vary: Accept-Encodingx-envoy-upstream-service-time: 3server: istio-envoy

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

String found in binary or memory: https://link.saja.market/5SYl9lmtEm?&boat-building=brave&invite=womanly&fairy=tan&surprise&z

Source: unknown	Network traffic detected: HTTP traffic on port 55796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55794
Source: unknown	Network traffic detected: HTTP traffic on port 55793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55795 -> 443

Source: unknown	HTTPS traffic detected: 3.39.153.44:443 -> 192.168.2.7:55792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.7:55794 version: TLS 1.2

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

Stream path 'MBD008144B4/\x1Ole' : https://link.saja.market/5SYl9lmtEm?&boat-building=brave&invite=womanly&fairy=tan&surprise&z 1}TC+[uQ,.L2AK7fZMJkwbWgVuGiITFLftiG79YD8t1Q86fISP9Sq0iDmQGSlZTmHU8Zq1ZZPGhgspCxiBfV3lzt1xM8sui3fbfwkaSkBMGc6sUjSeZLXpxvbXAmPVsqM;$\k!

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Window title found: microsoft excel okexcel cannot open the file 'securiteinfo.com.other.malware-gen.17831.10614.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.

Source: classification engine

Classification label: mal56.winXLSX@4/4@2/2

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\Desktop\~$SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user~1\AppData\Local\Temp\{BBB3AB29-C242-434B-AF7F-D593FD0D3E25} - OProcSessId.dat

Jump to behavior

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

OLE indicator, Workbook stream: true

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx	Virustotal: Detection: 27%
Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx	ReversingLabs: Detection: 25%

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

Static file information: File size 1230336 > 1048576

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

Initial sample: OLE indicators vbamacros = False

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

Initial sample: OLE indicators encrypted = True

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx	Stream path 'MBD008144B3/Package' entropy: 7.99214467006 (max. 8.0)
Source: SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx	Stream path 'Workbook' entropy: 7.99853092337 (max. 8.0)

Source: C:\Windows\splwow64.exe

Window / User API: threadDelayed 1095

Jump to behavior

Source: C:\Windows\splwow64.exe	Last function: Thread delayed
Source: C:\Windows\splwow64.exe	Last function: Thread delayed

Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000			Jump to behavior
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000			Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	1 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsx