Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
YYYY-NNN AUDIT DETAIL REPORT .docx

Overview

General Information

Sample name:YYYY-NNN AUDIT DETAIL REPORT .docx
Analysis ID:1589950
MD5:0475b8190723d39625ff0f476d11a9ea
SHA1:6a8ff09cad3b66a9b69a289df76e729580c4135b
SHA256:2c0b31d47ed0d44046c1a010cc26098507147783bd49c76fbf7daf678ce4343b
Infos:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Suricata IDS alerts for network traffic
Contains an external reference to another file
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w11x64_office
  • WINWORD.EXE (PID: 6640 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\YYYY-NNN AUDIT DETAIL REPORT .docx" /o "" MD5: A9F0EC89897AC6C878D217DFB64CA752)
  • rundll32.exe (PID: 6332 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: C87FA6FC1D294962EABE44509FE1921C)
  • WINWORD.EXE (PID: 6712 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\YYYY-NNN AUDIT DETAIL REPORT .docx" /o "" MD5: A9F0EC89897AC6C878D217DFB64CA752)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.24, DestinationIsIpv6: false, DestinationPort: 59356, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, Initiated: true, ProcessId: 6640, Protocol: tcp, SourceIp: 159.60.138.212, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-13T11:17:17.216576+010018100041Potentially Bad Traffic192.168.2.2459360159.60.138.212443TCP
2025-01-13T11:18:27.971624+010018100041Potentially Bad Traffic192.168.2.2459391159.60.138.212443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-13T11:17:14.195599+010018100051Potentially Bad Traffic192.168.2.2459357159.60.138.212443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: YYYY-NNN AUDIT DETAIL REPORT .docxAvira: detected
Multi AV Scanner detection for submitted file
Source: YYYY-NNN AUDIT DETAIL REPORT .docxVirustotal: Detection: 11%Perma Link
Source: YYYY-NNN AUDIT DETAIL REPORT .docxReversingLabs: Detection: 15%
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 159.60.138.212:443 -> 192.168.2.24:59356 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59382 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59384 version: TLS 1.2
Source: unknownHTTPS traffic detected: 159.60.138.212:443 -> 192.168.2.24:59387 version: TLS 1.2
Source: unknownHTTPS traffic detected: 159.60.138.212:443 -> 192.168.2.24:59388 version: TLS 1.2
Source: unknownHTTPS traffic detected: 159.60.138.212:443 -> 192.168.2.24:59389 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59396 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59402 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59408 version: TLS 1.2
Source: global trafficDNS query: name: audimex.nexi.it
Source: global trafficDNS query: name: audimex.nexi.it
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59377 -> 142.250.184.227:80
Source: global trafficTCP traffic: 192.168.2.24:59378 -> 23.209.209.135:80
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:49727 -> 48.209.144.71:443
Source: global trafficTCP traffic: 192.168.2.24:49727 -> 48.209.144.71:443
Source: global trafficTCP traffic: 192.168.2.24:49673 -> 20.198.118.190:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59384 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:49726 -> 2.16.158.192:443
Source: global trafficTCP traffic: 192.168.2.24:49726 -> 2.16.158.192:443
Source: global trafficTCP traffic: 192.168.2.24:59387 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59387 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59387 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59388 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59388 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59388 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59387 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59387 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59387 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59388 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59388 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59388 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59387 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59387 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59387 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59389 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59389 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59389 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59388 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59388 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59388 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59390 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59390 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59390 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59389 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59389 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59389 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59390 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59390 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59389 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59389 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59389 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59390 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59390 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59390 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59391 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59392 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59394 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59396 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:49741 -> 2.23.242.162:443
Source: global trafficTCP traffic: 192.168.2.24:49741 -> 2.23.242.162:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:49742 -> 2.23.242.162:443
Source: global trafficTCP traffic: 192.168.2.24:49742 -> 2.23.242.162:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59402 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59408 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59355 -> 1.1.1.1:53
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.24:59355
Source: global trafficTCP traffic: 192.168.2.24:59355 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.24:59355 -> 1.1.1.1:53
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.24:59355
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.24:59355
Source: global trafficTCP traffic: 192.168.2.24:59355 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.24:59355
Source: global trafficTCP traffic: 192.168.2.24:59355 -> 1.1.1.1:53
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 192.168.2.24:59356 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59356
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59357
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59357 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59358
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59358
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59358
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59358
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59358
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59358
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59358
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59358 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59358
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59358
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59360 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59360
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59362
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59362 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 159.60.138.212:443 -> 192.168.2.24:59363
Source: global trafficTCP traffic: 192.168.2.24:59363 -> 159.60.138.212:443
Source: global trafficTCP traffic: 192.168.2.24:49728 -> 192.229.221.95:80
Source: global trafficTCP traffic: 192.168.2.24:49727 -> 48.209.144.71:443
Source: global trafficTCP traffic: 192.229.221.95:80 -> 192.168.2.24:49728
Source: global trafficTCP traffic: 192.168.2.24:49728 -> 192.229.221.95:80
Source: global trafficTCP traffic: 48.209.144.71:443 -> 192.168.2.24:49727
Source: global trafficTCP traffic: 192.168.2.24:49727 -> 48.209.144.71:443
Source: global trafficTCP traffic: 192.168.2.24:59377 -> 142.250.184.227:80
Source: global trafficTCP traffic: 142.250.184.227:80 -> 192.168.2.24:59377
Source: global trafficTCP traffic: 192.168.2.24:59377 -> 142.250.184.227:80
Source: global trafficTCP traffic: 192.168.2.24:59377 -> 142.250.184.227:80
Source: global trafficTCP traffic: 142.250.184.227:80 -> 192.168.2.24:59377
Source: global trafficTCP traffic: 142.250.184.227:80 -> 192.168.2.24:59377
Source: global trafficTCP traffic: 192.168.2.24:59377 -> 142.250.184.227:80
Source: global trafficTCP traffic: 192.168.2.24:59378 -> 23.209.209.135:80
Source: global trafficTCP traffic: 23.209.209.135:80 -> 192.168.2.24:59378
Source: global trafficTCP traffic: 192.168.2.24:59378 -> 23.209.209.135:80
Source: global trafficTCP traffic: 192.168.2.24:59378 -> 23.209.209.135:80
Source: global trafficTCP traffic: 23.209.209.135:80 -> 192.168.2.24:59378
Source: global trafficTCP traffic: 23.209.209.135:80 -> 192.168.2.24:59378
Source: global trafficTCP traffic: 192.168.2.24:49730 -> 199.232.210.172:80
Source: global trafficTCP traffic: 192.168.2.24:49729 -> 199.232.210.172:80
Source: global trafficTCP traffic: 199.232.210.172:80 -> 192.168.2.24:49730
Source: global trafficTCP traffic: 192.168.2.24:49730 -> 199.232.210.172:80
Source: global trafficTCP traffic: 199.232.210.172:80 -> 192.168.2.24:49729
Source: global trafficTCP traffic: 192.168.2.24:49729 -> 199.232.210.172:80
Source: global trafficTCP traffic: 192.168.2.24:59378 -> 23.209.209.135:80
Source: global trafficTCP traffic: 192.168.2.24:49673 -> 20.198.118.190:443
Source: global trafficTCP traffic: 20.198.118.190:443 -> 192.168.2.24:49673
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 40.115.3.253:443 -> 192.168.2.24:59382
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 40.115.3.253:443 -> 192.168.2.24:59382
Source: global trafficTCP traffic: 40.115.3.253:443 -> 192.168.2.24:59382
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 40.115.3.253:443 -> 192.168.2.24:59382
Source: global trafficTCP traffic: 40.115.3.253:443 -> 192.168.2.24:59382
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 40.115.3.253:443 -> 192.168.2.24:59382
Source: global trafficTCP traffic: 192.168.2.24:59382 -> 40.115.3.253:443
Source: global trafficTCP traffic: 40.115.3.253:443 -> 192.168.2.24:59382
Source: global trafficTCP traffic: 40.115.3.253:443 -> 192.168.2.24:59382

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 1810005 - Severity 1 - Joe Security ANOMALY Microsoft Office WebDAV Discovery : 192.168.2.24:59357 -> 159.60.138.212:443
Source: Network trafficSuricata IDS: 1810004 - Severity 1 - Joe Security ANOMALY Microsoft Office HTTP activity : 192.168.2.24:59360 -> 159.60.138.212:443
Source: Network trafficSuricata IDS: 1810004 - Severity 1 - Joe Security ANOMALY Microsoft Office HTTP activity : 192.168.2.24:59391 -> 159.60.138.212:443
Source: Joe Sandbox ViewASN Name: TWC-11351-NORTHEASTUS TWC-11351-NORTHEASTUS
Source: Joe Sandbox ViewJA3 fingerprint: 258a5a1e95b8a911872bae9081526644
Source: Joe Sandbox ViewJA3 fingerprint: 6a5d235ee78c6aede6a61448b4e9ff1e
Source: global trafficHTTP traffic detected: GET /pages/prod/wal/audimex_addin.dot HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: audimex.nexi.itConnection: Keep-AliveCookie: 0a3d03=fLJMQ/3EIGL5tT+ZQ+sQnDHLZN1jD4VOTBkCWtkeR/thrfAO850v73YVhdiZSU+JPB+YHjKwws/flaA1cj7/5sULTFqZdBoLB79/wrqpBNJPskruoJeafiRvC4rhfwLVQecmSpwHmJpDZfJgtunc7SZ/7fGRr9Ze+XcyHr46/IAEuCQ8
Source: global trafficHTTP traffic detected: GET /pages/prod/wal/audimex_addin.dot HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: audimex.nexi.itIf-Modified-Since: Mon, 03 Jun 2024 13:21:12 GMTIf-None-Match: "e5c00-619fc35038c9d"Connection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknownTCP traffic detected without corresponding DNS query: 48.209.144.71
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknownTCP traffic detected without corresponding DNS query: 48.209.144.71
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.184.227
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.184.227
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.184.227
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.184.227
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.209.135
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.209.135
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.209.135
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.209.135
Source: unknownTCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.192
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.158.192
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: global trafficHTTP traffic detected: GET /pages/prod/wal/audimex_addin.dot HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: audimex.nexi.itConnection: Keep-AliveCookie: 0a3d03=fLJMQ/3EIGL5tT+ZQ+sQnDHLZN1jD4VOTBkCWtkeR/thrfAO850v73YVhdiZSU+JPB+YHjKwws/flaA1cj7/5sULTFqZdBoLB79/wrqpBNJPskruoJeafiRvC4rhfwLVQecmSpwHmJpDZfJgtunc7SZ/7fGRr9Ze+XcyHr46/IAEuCQ8
Source: global trafficHTTP traffic detected: GET /pages/prod/wal/audimex_addin.dot HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: audimex.nexi.itIf-Modified-Since: Mon, 03 Jun 2024 13:21:12 GMTIf-None-Match: "e5c00-619fc35038c9d"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Cache-Control: max-age = 3600Connection: Keep-AliveAccept: */*If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMTIf-None-Match: "65ca969f-2cd"User-Agent: Microsoft-CryptoAPI/10.0Host: x1.c.lencr.org
Source: global trafficDNS traffic detected: DNS query: audimex.nexi.it
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://df.loki.delve.office.com
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://dod.loki.office365.us
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://gcc.loki.delve.office.com
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://gcchigh.loki.office365.us
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://github.com/react-native-community/react-native-async-storage/issues
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://loki.delve.office.com
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://loki.delve.office.de
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://loki.office365.cn
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://loki.officenet.eaglex.ic.gov
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://loki.officenet.microsoft.scloud
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://msit.loki.delve.office.com
Source: prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drString found in binary or memory: https://react-native-community.github.io/async-storage/docs/advanced/jest
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 59408 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59408
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59391 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59357 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59356
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59358
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59357
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59396
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59392
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59391
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59394
Source: unknownNetwork traffic detected: HTTP traffic on port 59388 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59363 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59384 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59390
Source: unknownNetwork traffic detected: HTTP traffic on port 59382 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59396 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49673
Source: unknownNetwork traffic detected: HTTP traffic on port 59392 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59358 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59394 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59356 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59390 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59389
Source: unknownNetwork traffic detected: HTTP traffic on port 59362 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59388
Source: unknownNetwork traffic detected: HTTP traffic on port 59360 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59387 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59402
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59363
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59362
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59384
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59387
Source: unknownNetwork traffic detected: HTTP traffic on port 59402 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59360
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59382
Source: unknownNetwork traffic detected: HTTP traffic on port 59389 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownHTTPS traffic detected: 159.60.138.212:443 -> 192.168.2.24:59356 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59382 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59384 version: TLS 1.2
Source: unknownHTTPS traffic detected: 159.60.138.212:443 -> 192.168.2.24:59387 version: TLS 1.2
Source: unknownHTTPS traffic detected: 159.60.138.212:443 -> 192.168.2.24:59388 version: TLS 1.2
Source: unknownHTTPS traffic detected: 159.60.138.212:443 -> 192.168.2.24:59389 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59396 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59402 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:59408 version: TLS 1.2

System Summary

barindex
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Source: screenshotOCR: enable macros. Help 2, SATISFACTORY CHIEF AUDIT EXECUTIVE: AUDIT DEPT. AUDIT TEAM EXECUTIVE SUMMARY
Source: classification engineClassification label: mal76.evad.winDOCX@5/12@2/2
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Desktop\~$YY-NNN AUDIT DETAIL REPORT .docxJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{E4641700-58B3-43BD-B5EE-21743ADD8A0E} - OProcSessId.datJump to behavior
Source: YYYY-NNN AUDIT DETAIL REPORT .docxOLE indicator, Word Document stream: true
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: YYYY-NNN AUDIT DETAIL REPORT .docxVirustotal: Detection: 11%
Source: YYYY-NNN AUDIT DETAIL REPORT .docxReversingLabs: Detection: 15%
Source: unknownProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\YYYY-NNN AUDIT DETAIL REPORT .docx" /o ""
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\YYYY-NNN AUDIT DETAIL REPORT .docx" /o ""
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = word/_rels/header2.xml.rels
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = word/comments.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/item2.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/itemProps2.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = [trash]/0000.dat
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/itemProps3.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/item4.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/itemProps4.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/itemProps5.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = word/commentsExtended.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = word/people.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = docProps/custom.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/_rels/item4.xml.rels
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/_rels/item5.xml.rels
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/item3.xml
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE zip file path = customXml/item5.xml
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dllJump to behavior
Source: YYYY-NNN AUDIT DETAIL REPORT .docxInitial sample: OLE indicators vbamacros = False

Persistence and Installation Behavior

barindex
Contains an external reference to another file
Source: settings.xml.relsExtracted files from sample: https://audimex.nexi.it/pages/prod/wal/audimex_addin.dot
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
Windows Management Instrumentation		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts3
Exploitation for Client Execution		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Disable or Modify Tools		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Virtualization/Sandbox Evasion		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Process Injection		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Rundll32		LSA Secrets3
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
YYYY-NNN AUDIT DETAIL REPORT .docx11%VirustotalBrowse
YYYY-NNN AUDIT DETAIL REPORT .docx16%ReversingLabsDocument.Exploit.TempInj
YYYY-NNN AUDIT DETAIL REPORT .docx100%AviraEXP/TempInj.BA

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://loki.officenet.eaglex.ic.gov0%Avira URL Cloudsafe
https://react-native-community.github.io/async-storage/docs/advanced/jest0%Avira URL Cloudsafe
https://loki.officenet.microsoft.scloud0%Avira URL Cloudsafe
https://loki.delve.office.de0%Avira URL Cloudsafe
https://audimex.nexi.it/pages/prod/wal/audimex_addin.dot0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ves-io-f35000c6-187d-4400-baeb-13d55394e070.ac.vh.ves.io
159.60.138.212
truetrue
    		unknown
    audimex.nexi.it
    		unknown
    		unknowntrue
      		unknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://audimex.nexi.it/pages/prod/wal/audimex_addin.dottrue
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://gcc.loki.delve.office.comprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
        		high
        https://react-native-community.github.io/async-storage/docs/advanced/jestprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://gcchigh.loki.office365.usprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
          		high
          https://df.loki.delve.office.comprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
            		high
            https://loki.officenet.eaglex.ic.govprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://loki.delve.office.deprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://loki.officenet.microsoft.scloudprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://github.com/react-native-community/react-native-async-storage/issuesprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
              		high
              https://msit.loki.delve.office.comprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
                		high
                https://loki.delve.office.comprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
                  		high
                  https://dod.loki.office365.usprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
                    		high
                    https://loki.office365.cnprep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache.1.drfalse
                      		high

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      159.60.138.212
                      		ves-io-f35000c6-187d-4400-baeb-13d55394e070.ac.vh.ves.ioNetherlands
                      		11351TWC-11351-NORTHEASTUStrue

                      Private

                      IP
                      192.168.2.24

                      General Information

                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1589950
                      Start date and time:2025-01-13 11:16:08 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 5m 8s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                      Run name:Potential for more IOCs and behavior
                      Number of analysed new started processes analysed:15
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:YYYY-NNN AUDIT DETAIL REPORT .docx
                      Detection:MAL
                      Classification:mal76.evad.winDOCX@5/12@2/2
                      Cookbook Comments:
                      • Found application associated with file extension: .docx

                      Warnings

                      • Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 104.18.38.233, 172.64.149.23, 52.113.194.132, 52.109.76.243, 52.109.76.144, 52.168.117.175, 95.100.110.77, 95.100.110.74, 2.20.245.216, 2.20.245.225, 2.23.240.50, 52.111.231.26, 52.111.231.25, 52.111.231.24, 52.111.231.23, 199.232.214.172, 13.89.179.13, 52.111.236.33, 52.111.236.35, 52.111.236.32, 52.111.236.34, 2.21.65.149, 2.21.65.130, 20.190.159.71, 4.245.163.56
                      • Excluded domains from analysis (whitelisted): e1324.dscd.akamaiedge.net, crt.comodoca.com.cdn.cloudflare.net, neu-azsc-000.odc.officeapps.live.com, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, templatesmetadata.office.net.edgekey.net, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprdcus21.centralus.cloudapp.azure.com, login.live.com, templatesmetadata.office.net, c.pki.goog, res-1-tls.cdn.office.net, osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com, ecs.office.com, e40491.dscg.akamaiedge.net, client.wns.windows.com, uci.cdn.office.net, ctldl.windowsupdate.com, onedscolprdeus19.eastus.cloudapp.azure.com, prod.roaming1.live.com.akadns.net, uci.edog.cdn.office.net.edgekey.net, s-0005-office.config.skype.com, crt.comodoca.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, x1.c.lencr.org, e26769.dscb.akamaiedge.net,
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtCreateFile calls found.
                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • Report size getting too big, too many NtSetValueKey calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                      Simulations

                      Behavior and APIs

                      No simulations

                      Joe Sandbox View / Context

                      IPs

                      No context

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      TWC-11351-NORTHEASTUShttp://aeromorning.comGet hashmaliciousUnknownBrowse
                      • 98.82.157.137
                      elitebotnet.sh4.elfGet hashmaliciousMirai, OkiruBrowse
                      • 98.66.104.159
                      6.elfGet hashmaliciousUnknownBrowse
                      • 98.84.28.81
                      https://informed.deliveryerz.top/us/Get hashmaliciousUnknownBrowse
                      • 98.80.39.185
                      https://informed.deliveryerw.top/us/Get hashmaliciousUnknownBrowse
                      • 98.80.39.185
                      http://ledger-recovery.co.uk/Get hashmaliciousUnknownBrowse
                      • 98.84.237.203
                      res.mips.elfGet hashmaliciousUnknownBrowse
                      • 137.36.30.213
                      6.elfGet hashmaliciousUnknownBrowse
                      • 159.57.66.185
                      4.elfGet hashmaliciousUnknownBrowse
                      • 67.253.111.1

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      258a5a1e95b8a911872bae9081526644CY SEC AUDIT PLAN 2025.docx.docGet hashmaliciousUnknownBrowse
                      • 159.60.138.212
                      H565rymIuO.docGet hashmaliciousUnknownBrowse
                      • 159.60.138.212
                      Sample_Order_000000991.xlsGet hashmaliciousUnknownBrowse
                      • 159.60.138.212
                      Payment_swift_copy.xlsGet hashmaliciousUnknownBrowse
                      • 159.60.138.212
                      6a5d235ee78c6aede6a61448b4e9ff1e3bSDIpSIdF.msiGet hashmaliciousUnknownBrowse
                      • 40.115.3.253
                      http://unikuesolutions.com/ck/bd/%7BRANDOM_NUMBER05%7D/YmVuc29uLmxpbkB2aGFjb3JwLmNvbQ==Get hashmaliciousUnknownBrowse
                      • 40.115.3.253
                      2M and OPS Cobot White Paper 01082025 TM CH (1).docxGet hashmaliciousUnknownBrowse
                      • 40.115.3.253
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 40.115.3.253
                      http://pdfdrive.com.coGet hashmaliciousUnknownBrowse
                      • 40.115.3.253
                      https://form.fillout.com/t/emEtLm993dusGet hashmaliciousUnknownBrowse
                      • 40.115.3.253
                      https://www.tremendous.com/email/activate/yE_yBdRtyVv4Xqgg7hu_Get hashmaliciousUnknownBrowse
                      • 40.115.3.253
                      https://lap.gnoqwwhpwe.ru/3aeK/#Dmestevao@iif.comGet hashmaliciousUnknownBrowse
                      • 40.115.3.253
                      https://versyasist.website/sism.mp3Get hashmaliciousHTMLPhisherBrowse
                      • 40.115.3.253
                      http://11ofus.caGet hashmaliciousUnknownBrowse
                      • 40.115.3.253

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Temp\Outlook Logging\WINWORD_16_0_18129_20158-20250113T0517220906-6640.etl

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):8192
                      Entropy (8bit):3.349294681572156
                      Encrypted:false
                      SSDEEP:48:bwOPKJkYZ9vb6CQTPM+KmtnGNBzCB/5ZNhQIwBgC/eo9Iq:piJDZ9mC+PM+8v1
                      MD5:AE04E2CCDAC123DDB9C937B7971880B4
                      SHA1:EE574B2786AE9C92FB4ED94E40C5E0C1B115E39B
                      SHA-256:B24911256276477A4DF3089CC25F003AA662E0236AAF67E1F0607F9200CA737E
                      SHA-512:479585B4A9279FBF483982F060422C01833BCB28E55C8CB293534D80DC3FB5E7EC59D46C33D75CD54304C430B3862DD7075BBCBF2C5DC3F746619983FE7A5498
                      Malicious:false
                      Reputation:low
                      Preview:............................................................................j...........7B.U.e..................gX..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@FK.JJ..........7B.U.e..........v.2._.W.I.N.W.O.R.D.:.1.9.f.0.:.1.9.0.a.3.3.2.d.6.1.1.8.4.9.4.e.b.d.3.2.1.6.9.3.d.1.9.4.a.2.6.6...C.:.\.U.s.e.r.s.\.M.a.o.g.a.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.W.I.N.W.O.R.D._.1.6._.0._.1.8.1.2.9._.2.0.1.5.8.-.2.0.2.5.0.1.1.3.T.0.5.1.7.2.2.0.9.0.6.-.6.6.4.0...e.t.l.............P.P............U.e..........................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\Outlook Logging\WINWORD_16_0_18129_20158-20250113T0518360534-6712.etl

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):4096
                      Entropy (8bit):1.2636124188091178
                      Encrypted:false
                      SSDEEP:12:05JCPPqF69Fq5zzTx2y2PvSJrQ11X34ZpS3lZn:gU1iTx2ywSJkH4ZpSVZn
                      MD5:F8C7D14FE2136D25B07D3865F20EC4E4
                      SHA1:4E3E48A0AF2A1D154767562B2501B181F54CBE98
                      SHA-256:FEB908A9A3FFA40B4E1A94A85D93F3726C94C91C7D6833ADB82D94AA9011C430
                      SHA-512:E3925C7A77AC71E08D1CAF27C0B5FDAE9DA24B32BF9786CD6CAAA0C220441687E43FF9CA7044F33954DC5F4662D116359E806E84520894C95569750797CB01FE
                      Malicious:false
                      Reputation:low
                      Preview:............................................................................j...D...8.......e..................gX..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@FK.JJ..............e..........v.2._.W.I.N.W.O.R.D.:.1.a.3.8.:.b.a.3.6.6.6.8.a.4.3.b.d.4.9.2.7.9.a.e.1.a.5.1.8.2.9.e.3.f.5.b.d...C.:.\.U.s.e.r.s.\.M.a.o.g.a.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.W.I.N.W.O.R.D._.1.6._.0._.1.8.1.2.9._.2.0.1.5.8.-.2.0.2.5.0.1.1.3.T.0.5.1.8.3.6.0.5.3.4.-.6.7.1.2...e.t.l.............P.P.D...8.......e..........................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\mso1CD2.tmp

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:GIF image data, version 89a, 15 x 15
                      Category:dropped
                      Size (bytes):663
                      Entropy (8bit):5.949125862393289
                      Encrypted:false
                      SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                      MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                      SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                      SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                      SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

                      C:\Users\user\AppData\Local\Temp\msoFC3F.tmp

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:GIF image data, version 89a, 15 x 15
                      Category:dropped
                      Size (bytes):663
                      Entropy (8bit):5.949125862393289
                      Encrypted:false
                      SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                      MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                      SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                      SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                      SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

                      C:\Users\user\AppData\Local\Temp\prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):1127211
                      Entropy (8bit):5.812814119457844
                      Encrypted:false
                      SSDEEP:24576:y/T48adNSu65QT+wkOA21Pa601IURbx6uhdYwjERkwhgizvU72DV:yb486Su6rwkOA21Pa601IYx6UEGiFh
                      MD5:5F6A325EFF287D11AEB18114C9D7E973
                      SHA1:69B8465D2678615742794C507F69DB28A462D7FD
                      SHA-256:1605D2FF3197A3864FA48301EBD5420AD41010F6015483F4290097ED1B586B27
                      SHA-512:DD3D77AD27771DD71710DBB703C60C9E8BA62193620B44E0A30CB91DD24AF7D54B871300EC6BCC6150B9D2C4F6C4434E4B17C0AAA8CA9EEEFD8C485B487F7A90
                      Malicious:false
                      Preview:RNWPREP.....J.L[.X......2....... ..W.h.G.?'kr..1Z...##.......b........f...[ d..w.w.2...........,T.0..`......L`.....,T.%..`......5L`......TSb........^*........c....^*.......@...D..RbR.......Whe.`v'...D..Rb........MM..`......Rb........Lle.`."....Rb...P....s4..`......Rb".iS....el..`L.....Rb".......vue.`"!...D..Rb..sS....es..`B....D....`......Rb6.......oNe.`.%....Rb>.2.....Pse.`R.....RbB.......Nz..`.....D..RbV.i.....Xxe.`.&...D..Rb^.......Kt..`<....D..Rbv.}.....MUe.`B.....Rbv......PW..`......Rbz..O....Eae.``.....Rb..n.....I0e.`......Rb........JAe.`.....D..Rbv.......Uee.`......Rbz..G....gue.`. ....Rb..1 ....ue..`n.....Rb........FAe.`......Rb..@X....X1e.`b"....Rbz.\.....Zo..`.#...D..Rb........S5..`Z.....Rb........Ch..`J....D..Rb........xv..`D.....Rb.......O_..`......Rb..|.....Fie.``.....Rb..[p....Ql..`......Rb..Y?....g6..`......Rb........ETe.`......Rb..F=....Xce.`. ...D..Rb.......ZA..`~$...D..Rb...^....Yk..`......Rb.@.....dse.`......Rb.w.....UIe.`......Rb..S]....aN..`.....D..Rb..M....

                      C:\Users\user\AppData\Local\Temp\~DF4E848FE7A9031A18.TMP

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\~DFBFB845C04E618441.TMP

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\~DFC32A9A476B2D15E1.TMP

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\~DFC825BCE38155D687.TMP

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\Desktop\~$YY-NNN AUDIT DETAIL REPORT .docx

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):162
                      Entropy (8bit):2.6938792386294015
                      Encrypted:false
                      SSDEEP:3:HlGzV/V/RtllflAktll01+k20oVMCf/njn:Fy/V/R1ek101b20oV3L
                      MD5:D744FCBE49634E8F3BE045A894ED00A1
                      SHA1:370CAFF19310DF22214EEF9979463FE78D5BE40D
                      SHA-256:3D955BC0586F3B25C6A315673A2FB8EF2E5892991C57B3305FF7BA07B088FB48
                      SHA-512:8CAD072C712547922D56BA66CEA445AAC90A24B0FE278CD426F9C97162680E1848F9A7244481F73BE382856CC6B47E695A1F7752FBBDA8CF12046A370678D7D1
                      Malicious:false
                      Preview:................................................................z.}.......}...l..wn...l..wn...I.......................I........<.L.e..S...p...L..y.e..........6.E.

                      C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:Microsoft Outlook email folder (>=2003)
                      Category:dropped
                      Size (bytes):271360
                      Entropy (8bit):0.9473359866501169
                      Encrypted:false
                      SSDEEP:384:MMIjcNm5NexSBPLF/88lNk7Lg0sg77wYEW7BH2bBOMPLkZABzNuTe0Qf34IeoJaK:MMQcNmlBj1tlm8PbjNjkZABx43QfoIe
                      MD5:F938A2F463C94D643DCED2E39E88B57E
                      SHA1:69D1D85D414A90EAA4A9F30D3B1E5E6D3F6D3421
                      SHA-256:BF3F98CAE5A9A1A0B109F62E31561800A5CEC9598B3D85843EBA0F013CB30C49
                      SHA-512:79BE2D4E455D2E233FD97C549C1566F94D9369CC45F33C919F104D77E63BF64CF9173E5E12B09995F9DF773B64F7ECC117998CEEE48560F2AD4FA24C8624FA3D
                      Malicious:false
                      Preview:!BDN./i.SM......x....2...%..............K................@...........@...@...................................@...........................................................................$.......D.......J........................................................................................................................................................................................................................................................................................................................................$.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                      Download File
                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):131072
                      Entropy (8bit):0.2134293527357944
                      Encrypted:false
                      SSDEEP:48:OcYKnNpFticlJiRqG0Bvl8DHC5kZgnxBF5KMZ2Zko:OcYYpFtfQgGe98LfMn
                      MD5:6EA25A15971410D35813BE9C47811C22
                      SHA1:F4F158C961CD8DB0A9453477FD13317A0B029BB1
                      SHA-256:EE11E822C73AA3682BE6209AA5116F1F5A54A001B69370AD07575FB342CCD962
                      SHA-512:25514E0A92B06F7CD715B1077126DFB0376D24410DCA53F8A965BF18CE6A6069B953ECDE711B9A1258FDD252BF4B0CB6045AB607A8AF06DF4E07A039027C9663
                      Malicious:false
                      Preview:.x..C... ............9.L.e....................#.!BDN./i.SM......x....2...%..............K................@...........@...@...................................@...........................................................................$.......D.......J........................................................................................................................................................................................................................................................................................................................................$..9.L.e....................#.t........x......<.......|........}..............................4................_......h................m......<...............@....... ................^..............,........W......r.......0...............f.......p........X......8...............@`......................@a......................@n..............................................@p......|...............@H......................

                      Static File Info

                      General

                      File type:Microsoft Word 2007+
                      Entropy (8bit):7.7905210436397505
                      TrID:
                      • Word Microsoft Office Open XML Format document (49504/1) 58.23%
                      • Word Microsoft Office Open XML Format document (27504/1) 32.35%
                      • ZIP compressed archive (8000/1) 9.41%
                      File name:YYYY-NNN AUDIT DETAIL REPORT .docx
                      File size:111'689 bytes
                      MD5:0475b8190723d39625ff0f476d11a9ea
                      SHA1:6a8ff09cad3b66a9b69a289df76e729580c4135b
                      SHA256:2c0b31d47ed0d44046c1a010cc26098507147783bd49c76fbf7daf678ce4343b
                      SHA512:db6347f4c7f8b1ed41b4d1e2498ed2b1c873d6091f2c9cb05a87954fa7fc911efc4419f3952a265497183832c2b5b60c15aa6c7da2aba8c3ff557efc874c50ae
                      SSDEEP:1536:teZ3dqp8LDF0POlO+/IK85309yRzA9H2YfbwJQ8TVEt+okwsQVx2XUK1koAlRk9:tcNqePF0ml80IzEHFbwJQ8TFYdKvERM
                      TLSH:13B3F128D814B82DC6232E78D46D44F4B3554902D75BAA1B7C18FBAC9B843CB963E7C7
                      File Content Preview:PK..........!..m..............[Content_Types].xml ...(.........................................................................................................................................................................................................

                      File Icon

                      Icon Hash:35e5c48caa8a8599

                      Static OLE Info

                      General

                      Document Type:OpenXML
                      Number of OLE Files:1

                      OLE File "YYYY-NNN AUDIT DETAIL REPORT .docx"

                      Indicators
                      Has Summary Info:
                      Application Name:
                      Encrypted Document:False
                      Contains Word Document Stream:True
                      Contains Workbook/Book Stream:False
                      Contains PowerPoint Document Stream:False
                      Contains Visio Document Stream:False
                      Contains ObjectPool Stream:False
                      Flash Objects Count:0
                      Contains VBA Macros:False

                      Network Behavior

                      Suricata IDS Alerts

                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                      2025-01-13T11:17:14.195599+01001810005Joe Security ANOMALY Microsoft Office WebDAV Discovery1192.168.2.2459357159.60.138.212443TCP
                      2025-01-13T11:17:17.216576+01001810004Joe Security ANOMALY Microsoft Office HTTP activity1192.168.2.2459360159.60.138.212443TCP
                      2025-01-13T11:18:27.971624+01001810004Joe Security ANOMALY Microsoft Office HTTP activity1192.168.2.2459391159.60.138.212443TCP

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Jan 13, 2025 11:17:10.942939997 CET5935553192.168.2.241.1.1.1
                      Jan 13, 2025 11:17:11.161293030 CET53593551.1.1.1192.168.2.24
                      Jan 13, 2025 11:17:11.162621021 CET5935553192.168.2.241.1.1.1
                      Jan 13, 2025 11:17:11.215284109 CET5935553192.168.2.241.1.1.1
                      Jan 13, 2025 11:17:11.220067978 CET53593551.1.1.1192.168.2.24
                      Jan 13, 2025 11:17:11.738006115 CET53593551.1.1.1192.168.2.24
                      Jan 13, 2025 11:17:11.770755053 CET5935553192.168.2.241.1.1.1
                      Jan 13, 2025 11:17:11.771723032 CET59356443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:11.771743059 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:11.771801949 CET59356443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:11.772393942 CET59356443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:11.772403955 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:11.776667118 CET53593551.1.1.1192.168.2.24
                      Jan 13, 2025 11:17:11.776724100 CET5935553192.168.2.241.1.1.1
                      Jan 13, 2025 11:17:12.530567884 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:12.530677080 CET59356443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:12.533617973 CET59356443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:12.533623934 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:12.533829927 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:12.534823895 CET59356443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:12.575320959 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:12.920135021 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:12.920361996 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:12.920424938 CET59356443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:12.920954943 CET59356443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:12.920964956 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:12.920974970 CET59356443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:12.920979023 CET44359356159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:12.938319921 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:12.938409090 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:12.938512087 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:12.940295935 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:12.940330029 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:13.811814070 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:13.811903954 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:13.843741894 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:13.843774080 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:13.844955921 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:13.845027924 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:13.846745014 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:13.846831083 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:13.847068071 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:13.847084045 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:13.847141981 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:13.869292974 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:13.915326118 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:14.195601940 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:14.195658922 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:14.195674896 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.195713043 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.195822001 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.195868015 CET44359357159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:14.195898056 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.195938110 CET59357443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.209295988 CET59358443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.209321022 CET44359358159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:14.209443092 CET59358443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.209773064 CET59358443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.209784031 CET44359358159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:14.978948116 CET44359358159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:14.979974031 CET59358443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.979988098 CET44359358159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:14.980602026 CET59358443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:14.980607033 CET44359358159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:15.345079899 CET44359358159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:15.345129013 CET44359358159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:15.345200062 CET59358443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:15.345331907 CET59358443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:15.345331907 CET59358443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:15.345344067 CET44359358159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:15.345351934 CET44359358159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:15.385267973 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:15.385302067 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:15.385468006 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:15.386703014 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:15.386713028 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:16.138647079 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:16.138767004 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:16.140569925 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:16.140579939 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:16.140889883 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:16.140954018 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:16.141855955 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:16.141908884 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:16.141957998 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:16.142085075 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:16.187319994 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.216569901 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.216648102 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.221652985 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.221659899 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.221716881 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.221728086 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.221748114 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.221801996 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.221801996 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.223606110 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.223619938 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.223707914 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.223707914 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.223716021 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.224023104 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.226659060 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.226674080 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.226759911 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.226766109 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.226886034 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.228908062 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.228921890 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.228972912 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.228977919 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.229005098 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.229181051 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.231533051 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.231547117 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.231597900 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.231609106 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.231651068 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.233139038 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.233150959 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.233210087 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.233216047 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.233261108 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.234473944 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.234487057 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.234559059 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.234564066 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.234705925 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.236061096 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.236076117 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.236148119 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.236152887 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.236280918 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.236860991 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.236881018 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.236931086 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.236937046 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.236975908 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.236975908 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.237211943 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.237226009 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.237350941 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.237355947 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.237637043 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.238344908 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.238359928 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.238423109 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.238430023 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.238442898 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.238470078 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.239387035 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.239399910 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.239687920 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.239694118 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.239784002 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.239845991 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.239860058 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.239907980 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.239912987 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.239949942 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.239949942 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.240096092 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.240108967 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.240168095 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.240180016 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.240307093 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.241394997 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.241408110 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.241472006 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.241472006 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.241477966 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.241552114 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.241755009 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.241771936 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.241827965 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.241832972 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.241887093 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.242266893 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.242280960 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.242331982 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.242337942 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.242355108 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.242513895 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.242522001 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.242533922 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.242600918 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.242605925 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.242641926 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.242641926 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.243444920 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.243458033 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.243558884 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.243565083 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.243627071 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.243721008 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.243733883 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.243781090 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.243786097 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.243819952 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.243819952 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.244143009 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.244157076 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.244214058 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.244219065 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.244234085 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.244294882 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.244524956 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.244538069 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.244611025 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.244611025 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.244616985 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.244676113 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.244967937 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.244980097 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.245028973 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.245040894 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.245122910 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.245122910 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.245306015 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.245318890 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.245402098 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.245408058 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.245415926 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.245448112 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.245805025 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.245819092 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.245868921 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.245888948 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.245893002 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.245951891 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.245951891 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.247210979 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.247221947 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.247267962 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.247342110 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.247344971 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.247381926 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.247559071 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.247571945 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.247641087 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.247641087 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.247646093 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.247714996 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.247936964 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.247948885 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.248032093 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.248037100 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.248145103 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.248445988 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.248459101 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.248527050 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.248527050 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.248533010 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.248589039 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.248778105 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.248795033 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.248851061 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.248857975 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.248904943 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.249228954 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.249243021 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.249319077 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.249319077 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.249322891 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.249332905 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.249377012 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.249386072 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.249386072 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.249409914 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.249459028 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.249459028 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.249917030 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.249928951 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.249975920 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.249983072 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.249986887 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.250022888 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.250052929 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.250058889 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.250097990 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.250225067 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.250528097 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.250539064 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.250590086 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.250602961 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.250653982 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.250660896 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.250675917 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.250724077 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.250729084 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.250757933 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.250824928 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.251385927 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.251399994 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.251461983 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.251466990 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.251494884 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.251498938 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.251528978 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.251543045 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.251590014 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.251595974 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.251626968 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.251646042 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.252352953 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.252372026 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.252398968 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.252434969 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.252434969 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.252445936 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.252470016 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.252480984 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.252507925 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.252547026 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.252558947 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.252588987 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.252594948 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.252648115 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.252648115 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.253284931 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.253298044 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.253354073 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.253359079 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.253382921 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.253402948 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.253439903 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.253453016 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.253493071 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.253499985 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.253510952 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.253549099 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.253585100 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.253591061 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.253607988 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.253634930 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.254262924 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.254278898 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.254347086 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.254352093 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.254390955 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.254409075 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.254436970 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.254436970 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.254446030 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.254477024 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.254477024 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.255028963 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.255040884 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.255106926 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.255110979 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.255147934 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.255147934 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.287995100 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.288008928 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.288070917 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.288074970 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.288165092 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.288395882 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.288410902 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.288676023 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.288676023 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.288681984 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.288742065 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.288798094 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.288815022 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.288866997 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.288872957 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.288889885 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.288950920 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.289077044 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.289096117 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.289144993 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.289149046 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.289195061 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.289195061 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.309542894 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.309556961 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.309689045 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.309694052 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.309791088 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.328329086 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.328341007 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.328389883 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.328396082 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.328442097 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.328442097 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.328669071 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.328681946 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.328762054 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.328767061 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.328782082 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.328845024 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.329071045 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.329085112 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.329138994 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.329144001 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.329180002 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.329180002 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.537226915 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.537250042 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.537306070 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.537317991 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.537349939 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.537404060 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.537404060 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.537682056 CET59360443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.537699938 CET44359360159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.572601080 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.572623014 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:17.572712898 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.574171066 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:17.574181080 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.329125881 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.329180956 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.331337929 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.331351042 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.331680059 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.331762075 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.332607985 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.332667112 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.332721949 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.332721949 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.375329018 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.721714020 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.721780062 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.721844912 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.721956968 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.721975088 CET44359362159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.721996069 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.722017050 CET59362443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.781431913 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.781483889 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:18.781574965 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.782490969 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:18.782512903 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:19.563141108 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:19.563235044 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.564816952 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.564845085 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:19.566086054 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:19.566148996 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.567157030 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.567276001 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.567406893 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:19.567475080 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.958477020 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:19.958551884 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.958600998 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:19.958631992 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:19.958652020 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.958683014 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.958853960 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.958853960 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:19.958887100 CET44359363159.60.138.212192.168.2.24
                      Jan 13, 2025 11:17:19.958941936 CET59363443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:17:50.131386995 CET4972880192.168.2.24192.229.221.95
                      Jan 13, 2025 11:17:50.131488085 CET49727443192.168.2.2448.209.144.71
                      Jan 13, 2025 11:17:50.136651039 CET8049728192.229.221.95192.168.2.24
                      Jan 13, 2025 11:17:50.136759996 CET4972880192.168.2.24192.229.221.95
                      Jan 13, 2025 11:17:50.136878014 CET4434972748.209.144.71192.168.2.24
                      Jan 13, 2025 11:17:50.136929035 CET49727443192.168.2.2448.209.144.71
                      Jan 13, 2025 11:17:51.081768036 CET5937780192.168.2.24142.250.184.227
                      Jan 13, 2025 11:17:51.086744070 CET8059377142.250.184.227192.168.2.24
                      Jan 13, 2025 11:17:51.086903095 CET5937780192.168.2.24142.250.184.227
                      Jan 13, 2025 11:17:51.087457895 CET5937780192.168.2.24142.250.184.227
                      Jan 13, 2025 11:17:51.092751026 CET8059377142.250.184.227192.168.2.24
                      Jan 13, 2025 11:17:51.720120907 CET8059377142.250.184.227192.168.2.24
                      Jan 13, 2025 11:17:51.768033981 CET5937780192.168.2.24142.250.184.227
                      Jan 13, 2025 11:17:51.782851934 CET5937880192.168.2.2423.209.209.135
                      Jan 13, 2025 11:17:51.787796021 CET805937823.209.209.135192.168.2.24
                      Jan 13, 2025 11:17:51.787909031 CET5937880192.168.2.2423.209.209.135
                      Jan 13, 2025 11:17:51.788048983 CET5937880192.168.2.2423.209.209.135
                      Jan 13, 2025 11:17:51.792864084 CET805937823.209.209.135192.168.2.24
                      Jan 13, 2025 11:17:52.415100098 CET805937823.209.209.135192.168.2.24
                      Jan 13, 2025 11:17:52.422369003 CET4973080192.168.2.24199.232.210.172
                      Jan 13, 2025 11:17:52.422386885 CET4972980192.168.2.24199.232.210.172
                      Jan 13, 2025 11:17:52.427508116 CET8049730199.232.210.172192.168.2.24
                      Jan 13, 2025 11:17:52.427597046 CET4973080192.168.2.24199.232.210.172
                      Jan 13, 2025 11:17:52.427916050 CET8049729199.232.210.172192.168.2.24
                      Jan 13, 2025 11:17:52.428000927 CET4972980192.168.2.24199.232.210.172
                      Jan 13, 2025 11:17:52.467492104 CET5937880192.168.2.2423.209.209.135
                      Jan 13, 2025 11:18:14.903366089 CET49673443192.168.2.2420.198.118.190
                      Jan 13, 2025 11:18:14.903470993 CET4434967320.198.118.190192.168.2.24
                      Jan 13, 2025 11:18:15.562108994 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:15.562185049 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:15.562295914 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:15.563258886 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:15.563293934 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:16.373308897 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:16.373450041 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:16.382683039 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:16.382705927 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:16.383120060 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:16.434221983 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:17.702655077 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:17.702723980 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:17.702755928 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:17.702856064 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:17.743377924 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:18.022782087 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:18.022888899 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:18.022964001 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:18.023183107 CET59382443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:18.023220062 CET4435938240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:18.646214008 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:18.646313906 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:18.646469116 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:18.647562027 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:18.647603035 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:19.437889099 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:19.438107967 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:19.441380024 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:19.441399097 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:19.441740990 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:19.487482071 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:21.348328114 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:21.348386049 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:21.348413944 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:21.348553896 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:21.395325899 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:21.520468950 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:21.520554066 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:21.520740032 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:21.522070885 CET59384443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:21.522106886 CET4435938440.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:23.972440004 CET443497262.16.158.192192.168.2.24
                      Jan 13, 2025 11:18:23.972528934 CET443497262.16.158.192192.168.2.24
                      Jan 13, 2025 11:18:23.972573042 CET49726443192.168.2.242.16.158.192
                      Jan 13, 2025 11:18:23.972642899 CET49726443192.168.2.242.16.158.192
                      Jan 13, 2025 11:18:24.457755089 CET59387443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:24.457806110 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:24.457890034 CET59387443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:24.458424091 CET59387443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:24.458437920 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:24.459006071 CET59388443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:24.459037066 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:24.459104061 CET59388443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:24.459249973 CET59388443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:24.459264040 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.212837934 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.213048935 CET59387443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.215770006 CET59387443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.215786934 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.216145039 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.217252016 CET59387443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.229526043 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.229595900 CET59388443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.231941938 CET59388443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.231952906 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.232342958 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.233300924 CET59388443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.259363890 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.275326967 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.540600061 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.540668964 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.540745974 CET59387443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.540844917 CET59387443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.540844917 CET59387443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.540860891 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.540872097 CET44359387159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.551455021 CET59389443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.551523924 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.551611900 CET59389443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.552196026 CET59389443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.552229881 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.612483978 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.612634897 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.612657070 CET59388443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.612687111 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.612699986 CET59388443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.612699986 CET59388443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.612706900 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.612714052 CET44359388159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.624366999 CET59390443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.624391079 CET44359390159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:25.624455929 CET59390443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.625009060 CET59390443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:25.625024080 CET44359390159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.340773106 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.340873003 CET59389443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.343466043 CET59389443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.343487024 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.343827009 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.345031023 CET59389443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.387351990 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.419107914 CET44359390159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.419671059 CET59390443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.419691086 CET44359390159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.420301914 CET59390443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.420309067 CET44359390159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.704081059 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.704132080 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.704204082 CET59389443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.704354048 CET59389443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.704395056 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.704425097 CET59389443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.704441071 CET44359389159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.786739111 CET44359390159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.786883116 CET44359390159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.786936998 CET59390443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.787014008 CET59390443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.787029028 CET44359390159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.787041903 CET59390443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.787050962 CET44359390159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.813745975 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.813821077 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:26.813910007 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.815538883 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:26.815582037 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.610670090 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.611308098 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.613094091 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.613121986 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.614595890 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.614701986 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.616060972 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.616161108 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.616221905 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.616240025 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.617433071 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.617463112 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.663326025 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.971647978 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.971713066 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.971787930 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.971788883 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.971893072 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.971893072 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.971935987 CET44359391159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.971998930 CET59391443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.981307030 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.981338978 CET44359392159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:27.981462002 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.983195066 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:27.983211040 CET44359392159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:28.765896082 CET44359392159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:28.766014099 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:28.767852068 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:28.767863989 CET44359392159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:28.768682957 CET44359392159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:28.768743038 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:28.769642115 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:28.769789934 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:28.769855976 CET44359392159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:28.769917965 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.185559034 CET44359392159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:29.185630083 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.185647964 CET44359392159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:29.185697079 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.185712099 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.185740948 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.185746908 CET44359392159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:29.185794115 CET59392443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.225001097 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.225039005 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:29.225119114 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.226979971 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.226998091 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:29.997126102 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:29.997201920 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.998539925 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:29.998553991 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:29.999159098 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:29.999206066 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:30.000031948 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:30.000119925 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:30.000178099 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:30.000264883 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:30.043374062 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:30.325201035 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:30.325272083 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:30.325293064 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:30.325342894 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:30.325371027 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:30.325421095 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:30.328378916 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:30.328398943 CET44359394159.60.138.212192.168.2.24
                      Jan 13, 2025 11:18:30.328442097 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:30.328588963 CET59394443192.168.2.24159.60.138.212
                      Jan 13, 2025 11:18:31.865796089 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:31.865818024 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:31.865921021 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:31.866848946 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:31.866861105 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:32.484936953 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:32.485029936 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:32.487904072 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:32.487907887 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:32.488873959 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:32.536042929 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:33.742508888 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:33.742584944 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:33.742590904 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:33.742786884 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:33.783320904 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:33.919630051 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:33.919851065 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:33.919933081 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:33.936976910 CET59396443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:33.936985016 CET4435939640.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:41.788697004 CET4973380192.168.2.24192.229.221.95
                      Jan 13, 2025 11:18:41.793761969 CET8049733192.229.221.95192.168.2.24
                      Jan 13, 2025 11:18:41.793828011 CET4973380192.168.2.24192.229.221.95
                      Jan 13, 2025 11:18:46.422883034 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:46.422981024 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:46.423141956 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:46.423993111 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:46.424030066 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:46.444130898 CET49741443192.168.2.242.23.242.162
                      Jan 13, 2025 11:18:46.519488096 CET443497412.23.242.162192.168.2.24
                      Jan 13, 2025 11:18:46.519579887 CET49741443192.168.2.242.23.242.162
                      Jan 13, 2025 11:18:47.303862095 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:47.303985119 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:47.306596994 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:47.306617022 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:47.306951046 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:47.348156929 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:47.881191015 CET49742443192.168.2.242.23.242.162
                      Jan 13, 2025 11:18:47.886600018 CET443497422.23.242.162192.168.2.24
                      Jan 13, 2025 11:18:47.886662960 CET49742443192.168.2.242.23.242.162
                      Jan 13, 2025 11:18:48.563520908 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:48.563587904 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:48.563616037 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:48.563746929 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:48.607342958 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:48.740740061 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:48.740953922 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:48.741039991 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:48.741170883 CET59402443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:18:48.741190910 CET4435940240.115.3.253192.168.2.24
                      Jan 13, 2025 11:18:53.107176065 CET5937880192.168.2.2423.209.209.135
                      Jan 13, 2025 11:18:53.107297897 CET5937780192.168.2.24142.250.184.227
                      Jan 13, 2025 11:18:53.114394903 CET805937823.209.209.135192.168.2.24
                      Jan 13, 2025 11:18:53.114432096 CET8059377142.250.184.227192.168.2.24
                      Jan 13, 2025 11:18:53.114484072 CET5937880192.168.2.2423.209.209.135
                      Jan 13, 2025 11:18:53.114530087 CET5937780192.168.2.24142.250.184.227
                      Jan 13, 2025 11:19:08.146462917 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:08.146495104 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:08.146578074 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:08.147475958 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:08.147485018 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:08.936208010 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:08.936321020 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:09.105534077 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:09.105556011 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:09.105853081 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:09.148323059 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:10.355844021 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:10.355907917 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:10.355916023 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:10.356014967 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:10.399323940 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:10.527971983 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:10.528222084 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:10.528289080 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:10.528944969 CET59408443192.168.2.2440.115.3.253
                      Jan 13, 2025 11:19:10.528956890 CET4435940840.115.3.253192.168.2.24
                      Jan 13, 2025 11:19:10.528975964 CET59408443192.168.2.2440.115.3.253

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Jan 13, 2025 11:17:09.918081045 CET137137192.168.2.24192.168.2.255
                      Jan 13, 2025 11:17:10.673151016 CET137137192.168.2.24192.168.2.255
                      Jan 13, 2025 11:17:10.935937881 CET5088653192.168.2.241.1.1.1
                      Jan 13, 2025 11:17:10.942522049 CET53508861.1.1.1192.168.2.24
                      Jan 13, 2025 11:17:11.428303003 CET137137192.168.2.24192.168.2.255
                      Jan 13, 2025 11:18:23.923585892 CET137137192.168.2.24192.168.2.255
                      Jan 13, 2025 11:18:24.680627108 CET137137192.168.2.24192.168.2.255
                      Jan 13, 2025 11:18:25.435231924 CET137137192.168.2.24192.168.2.255

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Jan 13, 2025 11:17:10.935937881 CET192.168.2.241.1.1.10x2ecStandard query (0)audimex.nexi.itA (IP address)IN (0x0001)false
                      Jan 13, 2025 11:17:11.215284109 CET192.168.2.241.1.1.10x1Standard query (0)audimex.nexi.itA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Jan 13, 2025 11:17:11.738006115 CET1.1.1.1192.168.2.240x1No error (0)audimex.nexi.itves-io-f35000c6-187d-4400-baeb-13d55394e070.ac.vh.ves.ioCNAME (Canonical name)IN (0x0001)false
                      Jan 13, 2025 11:17:11.738006115 CET1.1.1.1192.168.2.240x1No error (0)ves-io-f35000c6-187d-4400-baeb-13d55394e070.ac.vh.ves.io159.60.138.212A (IP address)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • audimex.nexi.it
                      • c.pki.goog
                      • x1.c.lencr.org

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination Port
                      0192.168.2.2459377142.250.184.22780
                      TimestampBytes transferredDirectionData
                      Jan 13, 2025 11:17:51.087457895 CET200OUTGET /r/r1.crl HTTP/1.1
                      Cache-Control: max-age = 3000
                      Connection: Keep-Alive
                      Accept: */*
                      If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                      User-Agent: Microsoft-CryptoAPI/10.0
                      Host: c.pki.goog
                      Jan 13, 2025 11:17:51.720120907 CET223INHTTP/1.1 304 Not Modified
                      Date: Mon, 13 Jan 2025 09:47:57 GMT
                      Expires: Mon, 13 Jan 2025 10:37:57 GMT
                      Age: 1794
                      Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                      Cache-Control: public, max-age=3000
                      Vary: Accept-Encoding


                      Session IDSource IPSource PortDestination IPDestination Port
                      1192.168.2.245937823.209.209.13580
                      TimestampBytes transferredDirectionData
                      Jan 13, 2025 11:17:51.788048983 CET227OUTGET / HTTP/1.1
                      Cache-Control: max-age = 3600
                      Connection: Keep-Alive
                      Accept: */*
                      If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT
                      If-None-Match: "65ca969f-2cd"
                      User-Agent: Microsoft-CryptoAPI/10.0
                      Host: x1.c.lencr.org
                      Jan 13, 2025 11:17:52.415100098 CET1023INHTTP/1.1 200 OK
                      Server: nginx
                      Content-Type: application/pkix-crl
                      Last-Modified: Fri, 13 Dec 2024 18:01:23 GMT
                      ETag: "675c7673-2de"
                      Cache-Control: max-age=3600
                      Expires: Mon, 13 Jan 2025 11:17:52 GMT
                      Date: Mon, 13 Jan 2025 10:17:52 GMT
                      Content-Length: 734
                      Connection: keep-alive
                      Data Raw: 30 82 02 da 30 81 c3 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 17 0d 32 34 31 32 31 31 30 30 30 30 30 30 5a 17 0d 32 35 31 31 31 30 32 33 35 39 35 39 5a a0 40 30 3e 30 1f 06 03 55 1d 23 04 18 30 16 80 14 79 b4 59 e6 7b b6 e5 e4 01 73 80 08 88 c8 1a 58 f6 e9 9b 6e 30 0a 06 03 55 1d 14 04 03 02 01 69 30 0f 06 03 55 1d 1c 01 01 ff 04 05 30 03 82 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 02 01 00 25 d9 d5 af d1 d6 2f 91 05 35 50 65 d7 ad 13 d8 3b 73 d1 3f 5e 09 69 7f d7 82 29 12 c5 82 d0 96 fe 5f 07 a4 fe f5 92 dc e4 e2 8a 1a 2a 29 c5 eb 97 c8 85 a5 44 9b 9d ba 7b 05 2b 3f e3 3c 18 1c de 8d 37 f6 27 b5 e7 9b ef 45 e7 57 0e c1 f9 07 a5 95 44 fe e1 de 7f 9d e1 31 8c f8 1b 4f 18 5d f8 3d d7 5b e6 e2 03 a6 cb 71 0d ef 7a fe e0 8e f4 5d 1c c5 [TRUNCATED]
                      Data Ascii: 000*H0O10UUS1)0'U Internet Security Research Group10UISRG Root X1241211000000Z251110235959Z@0>0U#0yY{sXn0Ui0U00*H%/5Pe;s?^i)_*)D{+?<7'EWD1O]=[qz]"2t@^+(zULdQpK?W)pqxW[6[V7?36_s$BwT+xw_]df_nu}yIqC`sVuP,@`|T+`/Pm w[!:O%'w9enSkbv}gGL")V 2kzr/xx}8i]oA,^i=pt>#6&7$_?k/( kAslBQDhXh~N T/BF?QCG*wsS:


                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.2459356159.60.138.2124436640C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:17:12 UTC343OUTOPTIONS /pages/prod/wal/ HTTP/1.1
                      Connection: Keep-Alive
                      Authorization: Bearer
                      User-Agent: Microsoft Office Word 2014
                      X-Office-Major-Version: 16
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
                      X-MSGETWEBURL: t
                      X-IDCRL_ACCEPTED: t
                      Host: audimex.nexi.it
                      2025-01-13 10:17:12 UTC788INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:17:12 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      allow: HEAD,GET,POST,OPTIONS,TRACE
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-length: 0
                      content-type: httpd/unix-directory
                      x-envoy-upstream-service-time: 77
                      set-cookie: 0a3d03=V3/ZPDcViQNjJPKcSr9o2gRP4o6zDgT4F5ITtIOl85igTB+YPhbKTwVXEgjAtvnIknSnnxdrXiDubz4GsKYW+Scl2e6hcCeA54fdaV+ykyohTigsofOKtRK5H1bz/Dj0eLotmh75IgW2269FAp0lmgYY1X4pM5B7zXQu7zImTjG7eQxm; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      1192.168.2.2459357159.60.138.2124436640C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:17:13 UTC246OUTOPTIONS /pages/prod/wal/ HTTP/1.1
                      Authorization: Bearer
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      X-IDCRL_ACCEPTED: t
                      User-Agent: Microsoft Office Protocol Discovery
                      Host: audimex.nexi.it
                      Content-Length: 0
                      Connection: Keep-Alive
                      2025-01-13 10:17:14 UTC788INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:17:14 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      allow: HEAD,GET,POST,OPTIONS,TRACE
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-length: 0
                      content-type: httpd/unix-directory
                      x-envoy-upstream-service-time: 78
                      set-cookie: 0a3d03=fLJMQ/3EIGL5tT+ZQ+sQnDHLZN1jD4VOTBkCWtkeR/thrfAO850v73YVhdiZSU+JPB+YHjKwws/flaA1cj7/5sULTFqZdBoLB79/wrqpBNJPskruoJeafiRvC4rhfwLVQecmSpwHmJpDZfJgtunc7SZ/7fGRr9Ze+XcyHr46/IAEuCQ8; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      2192.168.2.2459358159.60.138.2124436640C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:17:14 UTC717OUTHEAD /pages/prod/wal/audimex_addin.dot HTTP/1.1
                      Connection: Keep-Alive
                      Authorization: Bearer
                      User-Agent: Microsoft Office Word 2014
                      X-Office-Major-Version: 16
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
                      X-IDCRL_ACCEPTED: t
                      Host: audimex.nexi.it
                      Cookie: 0a3d03=fLJMQ/3EIGL5tT+ZQ+sQnDHLZN1jD4VOTBkCWtkeR/thrfAO850v73YVhdiZSU+JPB+YHjKwws/flaA1cj7/5sULTFqZdBoLB79/wrqpBNJPskruoJeafiRvC4rhfwLVQecmSpwHmJpDZfJgtunc7SZ/7fGRr9Ze+XcyHr46/IAEuCQ8; 0a3d03=V3/ZPDcViQNjJPKcSr9o2gRP4o6zDgT4F5ITtIOl85igTB+YPhbKTwVXEgjAtvnIknSnnxdrXiDubz4GsKYW+Scl2e6hcCeA54fdaV+ykyohTigsofOKtRK5H1bz/Dj0eLotmh75IgW2269FAp0lmgYY1X4pM5B7zXQu7zImTjG7eQxm
                      2025-01-13 10:17:15 UTC852INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:17:15 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      last-modified: Mon, 03 Jun 2024 13:21:12 GMT
                      etag: "e5c00-619fc35038c9d"
                      accept-ranges: bytes
                      content-length: 941056
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-type: application/msword
                      x-envoy-upstream-service-time: 72
                      set-cookie: 0a3d03=NK4aL3Zq/EbmyfriMPJOE9oubO6qS4CkbwQEMjSsiQo4bnt3kB4AnyVfECKqGWykSvWCgW/DOqEWIw9FEN/w5LnJkX/Fse5wZPFK6N9bFDSD9lb8lWmJNQD7nuR0fprtxUpAWPllLmKe8yjsmaZiHTUSztd/sg7/dmvMSEIdXAF/QRs4; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      3192.168.2.2459360159.60.138.2124436640C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:17:16 UTC412OUTGET /pages/prod/wal/audimex_addin.dot HTTP/1.1
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                      UA-CPU: AMD64
                      Accept-Encoding: gzip, deflate
                      Host: audimex.nexi.it
                      Connection: Keep-Alive
                      Cookie: 0a3d03=fLJMQ/3EIGL5tT+ZQ+sQnDHLZN1jD4VOTBkCWtkeR/thrfAO850v73YVhdiZSU+JPB+YHjKwws/flaA1cj7/5sULTFqZdBoLB79/wrqpBNJPskruoJeafiRvC4rhfwLVQecmSpwHmJpDZfJgtunc7SZ/7fGRr9Ze+XcyHr46/IAEuCQ8
                      2025-01-13 10:17:17 UTC852INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:17:16 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      last-modified: Mon, 03 Jun 2024 13:21:12 GMT
                      etag: "e5c00-619fc35038c9d"
                      accept-ranges: bytes
                      content-length: 941056
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-type: application/msword
                      x-envoy-upstream-service-time: 75
                      set-cookie: 0a3d03=DzEl4DsgsA3RdHijXZJF0rim1PgJk9Pvv4w9ROsY35TZ3+Fbw01fGXwYKDt1DUQgrZkBc6abLBZmyXmw5Z2L6BW1zf/m2a4Goxx1IympxYjcyx923RrST6VWsOB10RRKFx2HdSarIhfElWfPg6KIClOen/BOTSK8wxHcWeHkwo00gUv8; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close
                      2025-01-13 10:17:17 UTC16384INData Raw: d0 cf 11 e0 a1 b1 1a e1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 00 03 00 fe ff 09 00 06 00 00 00 00 00 00 00 00 00 00 00 0f 00 00 00 09 00 00 00 00 00 00 00 00 10 00 00 0b 00 00 00 08 00 00 00 fe ff ff ff 00 00 00 00 08 00 00 00 76 00 00 00 ff 00 00 00 80 01 00 00 00 02 00 00 7a 02 00 00 00 03 00 00 76 03 00 00 ff 03 00 00 7e 04 00 00 00 05 00 00 7d 05 00 00 ff 05 00 00 7f 06 00 00 db 06 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                      Data Ascii: >vzv~}
                      2025-01-13 10:17:17 UTC16384INData Raw: 00 00 00 00 00 00 40 04 fe ff 60 17 00 00 68 ff ff ff 09 00 ff ff 20 00 00 00 00 00 00 00 40 04 fe ff 78 18 00 00 58 ff ff ff 0c 00 ff ff 20 00 00 00 00 00 00 00 40 04 fe ff ff ff ff ff 54 ff ff ff 09 00 ff ff 20 00 00 00 00 00 00 00 80 19 00 00 00 00 00 00 00 04 fe ff b0 17 00 00 50 ff ff ff 98 17 00 00 60 00 00 00 09 00 ff ff 1d 00 20 00 25 00 00 00 d0 17 00 00 80 17 00 00 06 00 00 00 00 00 00 00 00 04 fe ff 10 18 00 00 4c ff ff ff c8 17 00 00 60 00 00 00 00 00 00 00 1d 00 0c 00 25 00 00 00 28 18 00 00 b0 17 00 00 07 00 00 00 00 00 00 00 40 04 fe ff f8 17 00 00 3c ff ff ff 0c 00 ff ff 20 00 00 00 00 00 00 00 40 04 fe ff d8 18 00 00 2c ff ff ff 0c 00 ff ff 20 00 00 00 00 00 00 00 40 04 fe ff 38 18 00 00 28 ff ff ff 09 00 ff ff 20 00 00 00 00 00 00 00 50
                      Data Ascii: @`h @xX @T P` %L`%(@< @, @8( P
                      2025-01-13 10:17:17 UTC16384INData Raw: 00 00 84 08 00 0c 00 00 00 00 02 00 00 00 84 08 00 0c 00 00 00 10 02 00 00 00 84 08 00 0c 00 00 00 20 02 00 00 00 84 08 00 0c 00 00 00 30 02 00 00 00 84 08 00 0c 00 00 00 40 02 00 00 00 84 08 00 0c 00 00 00 50 02 00 00 00 84 08 00 0e 00 00 00 60 02 00 00 00 84 08 00 0c 00 00 00 70 02 00 00 00 84 08 00 0c 00 00 00 80 02 00 00 00 84 08 00 0c 00 00 00 90 02 00 00 00 84 08 00 0c 00 00 00 a0 02 00 00 00 84 08 00 0c 00 00 00 b0 02 00 00 00 84 08 00 0c 00 00 00 c0 02 00 00 00 84 08 00 1c 00 00 00 d0 02 00 00 00 84 08 00 1c 00 00 00 f0 02 00 00 00 84 08 00 1c 00 00 00 10 03 00 00 00 80 09 00 1e 00 00 00 30 03 00 00 00 84 08 00 22 00 00 00 50 03 00 00 00 84 08 00 10 00 00 00 78 03 00 00 00 80 09 00 22 00 00 00 88 03 00 00 00 84 08 00 0c 00 00 00 b0 03 00 00 00 84
                      Data Ascii: 0@P`p0"Px"
                      2025-01-13 10:17:17 UTC16384INData Raw: c6 03 ff ff ff ff 34 ff ff ff 03 00 ff ff 00 00 00 00 00 00 00 00 60 84 c8 03 ff ff ff ff 30 ff ff ff 03 00 ff ff 00 00 00 00 00 00 00 00 60 84 ca 03 ff ff ff ff 2c ff ff ff 03 00 ff ff 00 00 00 00 00 00 00 00 60 84 cc 03 ff ff ff ff 28 ff ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 0c 11 d2 03 a0 23 00 00 0a 00 03 60 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 60 3a 00 00 f8 fe 6b 00 ff ff ff ff ff ff ff ff 50 00 1a 00 06 00 06 00 c0 01 94 00 00 09 00 00 2c 21 d4 03 00 24 00 00 00 00 03 68 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 08 3c 00 00 78 ff 2b 00 e0 23 00 00 08 00 ff ff 44 00 1b 00 04 00 04 00 c6 01 bc 01 00 03 00 00 69 83 fe ff ff ff ff ff ff ff ff ff 08 01 ff ff 00 00 00 00 ff ff ff ff 20 00 00 00 00 00 00 00 0c
                      Data Ascii: 4`0`,`(#``:kP,!$h<x+#Di
                      2025-01-13 10:17:17 UTC16384INData Raw: 00 58 2c 15 00 9c 00 b6 00 0f 00 62 79 74 65 73 20 72 65 71 75 69 72 65 64 3a 00 20 00 a6 03 58 20 11 00 41 40 6e 02 01 00 00 00 00 00 00 00 b6 00 06 00 45 72 72 6f 72 20 20 00 30 03 58 20 11 00 b6 00 15 00 20 64 75 72 69 6e 67 20 43 72 79 70 74 45 6e 63 72 79 70 74 21 00 11 00 41 40 6e 02 01 00 00 00 00 00 6b 00 ff ff 58 0b 00 00 20 00 a4 03 ac 00 01 00 20 00 a6 03 24 20 fa 00 03 00 27 00 6a 03 00 00 a3 00 ac 03 38 0b 00 00 e0 00 04 00 14 00 44 65 73 74 72 6f 79 20 73 65 73 73 69 6f 6e 20 6b 65 79 2e 00 00 00 00 00 00 20 00 a0 03 1d 00 9b 00 47 00 20 00 a0 03 24 00 02 03 01 00 27 00 84 03 6a 00 00 00 00 00 00 00 e0 00 04 00 20 00 52 65 6c 65 61 73 65 20 6b 65 79 20 65 78 63 68 61 6e 67 65 20 6b 65 79 20 68 61 6e 64 6c 65 2e 00 00 20 00 a2 03 9b 00 47 00
                      Data Ascii: X,bytes required: X A@nError 0X during CryptEncrypt!A@nkX $ 'j8Destroy session key. G $'j Release key exchange key handle. G
                      2025-01-13 10:17:17 UTC16384INData Raw: 00 01 78 ff 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 44 00 00 00 14 00 00 00 00 02 00 0c 80 0c 00 08 08 00 fd 91 40 00 00 00 13 ff 2f 0c 00 00 00 00 08 00 00 00 14 00 24 00 00 00 00 00 00 00 fc 7b 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 f0 03 00 00 98 03 00 00 00 02 00 05 4b 4b 03 00 0d f5 00 00 00 00 08 08 00 8f 44 00 00 0c 1b 00 00 08 08 00 fd 91 40 00 00 08 1b 01 00 43 78 ff 00 0c 1b 02 00 1b 01 00 2a 31 70 ff 00 4c f5 00 00 00 00 f5 01 00 00 00 6c 70 ff 04 58 ff 34 6c 58 ff 6c 78 ff 04 5c ff 34 6c 5c ff 04 6c ff 5e 03 00 14 00 71 54 ff 3c 6c 5c ff 04 78 ff fc 58 6c 58 ff 04 70 ff fc 58 6c 54 ff fc 52 c3 32 04 00 5c ff 58 ff 1c cb 00 00 46 27 e4 fe 27 04 ff 27 24 ff f5 00 00 00 00 1b 04 00 5e 05 00 00 00 71
                      Data Ascii: xD@/${KKD@Cx*1pLlpX4lXlx\4l\l^qT<l\xXlXpXlTR2\XF'''$^q
                      2025-01-13 10:17:17 UTC16384INData Raw: 00 fb ef 04 ff 1b 06 00 43 c8 fe 04 c8 fe f5 02 00 00 00 59 cc fe 04 d4 fe 60 fd c7 d0 fe 04 b8 fe 0a 07 00 10 00 04 b8 fe fb ef a8 fe 3a 98 fe 08 00 fb ef 88 fe 1b 06 00 43 4c fe 04 4c fe f5 02 00 00 00 59 50 fe 04 58 fe 60 fd c7 54 fe 04 3c fe 0a 07 00 10 00 04 3c fe fb ef 2c fe 60 31 78 ff 32 0c 00 3c ff 34 ff d0 fe c8 fe 54 fe 4c fe 36 1a 00 50 ff 40 ff 24 ff e4 fe d4 fe 04 ff b8 fe a8 fe 68 fe 58 fe 88 fe 3c fe 2c fe 00 00 14 80 00 00 00 00 08 00 50 01 b0 01 28 00 08 00 00 00 80 00 ba 55 00 00 00 00 10 00 00 00 00 00 01 00 00 00 00 01 78 ff 01 00 58 00 00 00 00 00 13 00 00 00 00 00 3c ff 01 00 34 ff 01 00 d0 fe 01 00 c8 fe 01 00 54 fe 01 00 4c fe 01 00 50 ff 02 00 40 ff 02 00 24 ff 02 00 04 ff 02 00 e4 fe 02 00 d4 fe 02 00 b8 fe 02 00 a8 fe 02 00 88
                      Data Ascii: CY`:CLLYPX`T<<,`1x2<4TL6P@$hX<,P(UxX<4TLP@$
                      2025-01-13 10:17:17 UTC16384INData Raw: ff ff 09 00 ff ff 20 00 00 00 10 00 00 00 40 04 fe ff f8 17 00 00 6a ff ff ff 0b 00 ff ff 20 00 00 00 10 00 00 00 40 04 fe ff ff ff ff ff 64 ff ff ff 08 00 ff ff 20 00 00 00 10 00 00 00 40 04 fe ff 98 17 00 00 54 ff ff ff 0c 00 ff ff 20 00 00 00 10 00 00 00 40 04 fe ff ff ff ff ff 44 ff ff ff 0c 00 ff ff 20 00 00 00 98 00 00 00 40 04 fe ff b0 17 00 00 34 ff ff ff 0c 00 ff ff 20 00 00 00 30 18 00 00 40 04 fe ff c8 17 00 00 24 ff ff ff 0c 00 ff ff 20 00 00 00 ff ff ff ff 40 04 fe ff ff ff ff ff 14 ff ff ff 0c 00 ff ff 20 00 00 00 ff ff ff ff d8 16 00 00 c0 02 74 04 76 04 78 04 7a 04 7c 04 ff ff ff ff 06 00 ff ff 40 04 fe ff ff ff ff ff 12 ff ff ff 0b 00 ff ff 20 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 05 00 00 ff ff ff ff ff
                      Data Ascii: @j @d @T @D @4 0@$ @ tvxz|@ 0
                      2025-01-13 10:17:17 UTC16384INData Raw: 01 01 00 00 02 01 00 00 03 01 00 00 04 01 00 00 05 01 00 00 06 01 00 00 07 01 00 00 08 01 00 00 09 01 00 00 0a 01 00 00 fe ff ff ff 0c 01 00 00 0d 01 00 00 0e 01 00 00 0f 01 00 00 10 01 00 00 19 01 00 00 12 01 00 00 13 01 00 00 14 01 00 00 15 01 00 00 16 01 00 00 17 01 00 00 18 01 00 00 0b 01 00 00 fe ff ff ff 98 01 00 00 1c 01 00 00 92 01 00 00 1e 01 00 00 59 01 00 00 20 01 00 00 21 01 00 00 22 01 00 00 23 01 00 00 24 01 00 00 25 01 00 00 26 01 00 00 27 01 00 00 28 01 00 00 29 01 00 00 2a 01 00 00 2b 01 00 00 2c 01 00 00 2d 01 00 00 2e 01 00 00 2f 01 00 00 30 01 00 00 31 01 00 00 32 01 00 00 33 01 00 00 34 01 00 00 35 01 00 00 36 01 00 00 37 01 00 00 38 01 00 00 39 01 00 00 3a 01 00 00 3b 01 00 00 3c 01 00 00 3d 01 00 00 3e 01 00 00 3f 01 00 00 40 01 00
                      Data Ascii: Y !"#$%&'()*+,-./0123456789:;<=>?@
                      2025-01-13 10:17:17 UTC16384INData Raw: 01 16 01 00 06 48 01 00 00 74 73 00 00 2c 01 00 00 70 03 00 00 49 75 00 00 57 75 00 00 47 a5 00 00 00 00 00 00 01 00 00 00 17 4a c5 7f 00 00 ff ff 03 00 00 00 80 00 00 00 b6 00 ff ff 01 01 48 00 00 00 00 00 ec 02 14 00 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 47 65 74 55 73 65 72 4e 61 6d 65 41 00 00 00 00 00 00 ed 02 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 65 74 55 73 65 72 4e 61 6d 65 41 00 00 00 00 ff ff ff ff 01 00 00 00 ff ff a8 00 ff ff 00 00 42 c1 b1 09 0b 0c 75 47 83 cf 6e ac 66 12 3a be 2a 3d fb fc fa a0 68 10 a7 38 08 00 2b 33 71 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 b7 f7 85 1c c6 fe 29 4b 93 74 90 f1 69 71 bc 0c 10 00 00 00 03 00 00 00 05 00 00 00 07 00 00 00 ff ff ff ff ff ff ff ff 01 01 08 00 00 00 ff ff
                      Data Ascii: Hts,pIuWuGJHGetUserNameA8GetUserNameABuGnf:*=h8+3q)Ktiq


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      4192.168.2.2459362159.60.138.2124436640C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:17:18 UTC435OUTHEAD /pages/prod/wal/audimex_addin.dot HTTP/1.1
                      Authorization: Bearer
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      X-IDCRL_ACCEPTED: t
                      User-Agent: Microsoft Office Existence Discovery
                      Host: audimex.nexi.it
                      Connection: Keep-Alive
                      Cookie: 0a3d03=DzEl4DsgsA3RdHijXZJF0rim1PgJk9Pvv4w9ROsY35TZ3+Fbw01fGXwYKDt1DUQgrZkBc6abLBZmyXmw5Z2L6BW1zf/m2a4Goxx1IympxYjcyx923RrST6VWsOB10RRKFx2HdSarIhfElWfPg6KIClOen/BOTSK8wxHcWeHkwo00gUv8
                      2025-01-13 10:17:18 UTC852INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:17:18 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      last-modified: Mon, 03 Jun 2024 13:21:12 GMT
                      etag: "e5c00-619fc35038c9d"
                      accept-ranges: bytes
                      content-length: 941056
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-type: application/msword
                      x-envoy-upstream-service-time: 76
                      set-cookie: 0a3d03=QIIBwKS2d/DxWVnOSqCpZ97OcYZTEu/z9Lj6QmMh1B/bew5ICN6vRdMdzaea6CjctAgYNwg0K0MVrWCISCTaxaWBs5SB+LjhFV0fwV3vhOFZ265HlCc0QzFPP2hL1ivG59ISxEoVwGrR3CIb6f5B5sypzYCci7CeODXsOaUWIrFFv6Cv; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      5192.168.2.2459363159.60.138.2124436640C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:17:19 UTC435OUTHEAD /pages/prod/wal/audimex_addin.dot HTTP/1.1
                      Authorization: Bearer
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      X-IDCRL_ACCEPTED: t
                      User-Agent: Microsoft Office Existence Discovery
                      Host: audimex.nexi.it
                      Connection: Keep-Alive
                      Cookie: 0a3d03=QIIBwKS2d/DxWVnOSqCpZ97OcYZTEu/z9Lj6QmMh1B/bew5ICN6vRdMdzaea6CjctAgYNwg0K0MVrWCISCTaxaWBs5SB+LjhFV0fwV3vhOFZ265HlCc0QzFPP2hL1ivG59ISxEoVwGrR3CIb6f5B5sypzYCci7CeODXsOaUWIrFFv6Cv
                      2025-01-13 10:17:19 UTC852INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:17:19 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      last-modified: Mon, 03 Jun 2024 13:21:12 GMT
                      etag: "e5c00-619fc35038c9d"
                      accept-ranges: bytes
                      content-length: 941056
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-type: application/msword
                      x-envoy-upstream-service-time: 76
                      set-cookie: 0a3d03=utIY8q7RI5e17iVFVPDlH0Tz7O4m2oIAqCzfu7WwJbNdYe91wkbawVZuGdtTwEwbGlxnEBBfN708uNqPhXFPw3qM1VdNIkbG/Ltp2TYxbvgeNUuy5OIRG+ER+93v8JeeSBDJO8NetM0Osw8n5pfUOWYJgS+JEkWDncNl4tm3GvkRX4KZ; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination Port
                      6192.168.2.245938240.115.3.253443
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:17 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 31 36 0d 0a 4d 53 2d 43 56 3a 20 59 4d 36 72 4f 4f 61 63 51 45 47 35 59 73 4f 79 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 64 36 38 66 39 39 31 37 35 34 63 65 63 61 0d 0a 0d 0a
                      Data Ascii: CNT 1 CON 316MS-CV: YM6rOOacQEG5YsOy.1Context: 3dd68f991754ceca
                      2025-01-13 10:18:17 UTC260OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 32 32 36 33 31 2e 34 31 36 39 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 30 30 31 38 30 30 31 32 41 38 34 34 37 39 41 41 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e
                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                      2025-01-13 10:18:17 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 59 4d 36 72 4f 4f 61 63 51 45 47 35 59 73 4f 79 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 64 36 38 66 39 39 31 37 35 34 63 65 63 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 46 57 70 44 6f 6a 46 39 4c 2b 53 32 77 57 48 70 5a 33 38 47 4e 5a 51 43 31 75 62 38 6b 32 42 77 71 33 69 35 52 35 50 38 58 79 6d 55 61 7a 4e 78 49 7a 79 65 45 48 38 51 36 4a 70 2f 47 2b 78 35 64 54 55 31 6a 2b 39 5a 50 4f 65 66 52 64 4e 51 73 69 31 72 42 71 4b 68 45 38 38 77 57 75 72 6f 55 42 58 33 44 66 70 41 2f 4c 2f 73
                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: YM6rOOacQEG5YsOy.2Context: 3dd68f991754ceca<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcFWpDojF9L+S2wWHpZ38GNZQC1ub8k2Bwq3i5R5P8XymUazNxIzyeEH8Q6Jp/G+x5dTU1j+9ZPOefRdNQsi1rBqKhE88wWuroUBX3DfpA/L/s
                      2025-01-13 10:18:17 UTC224OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 31 30 34 34 34 37 39 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 59 4d 36 72 4f 4f 61 63 51 45 47 35 59 73 4f 79 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 64 36 38 66 39 39 31 37 35 34 63 65 63 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                      Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: YM6rOOacQEG5YsOy.3Context: 3dd68f991754ceca<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-13 10:18:18 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                      Data Ascii: 202 1 CON 58
                      2025-01-13 10:18:18 UTC58INData Raw: 4d 53 2d 43 56 3a 20 57 4d 5a 54 69 38 55 6e 45 55 69 67 32 78 37 2f 52 54 61 77 6e 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                      Data Ascii: MS-CV: WMZTi8UnEUig2x7/RTawng.0Payload parsing failed.


                      Session IDSource IPSource PortDestination IPDestination Port
                      7192.168.2.245938440.115.3.253443
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:21 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 31 36 0d 0a 4d 53 2d 43 56 3a 20 38 2f 47 6f 54 41 52 6f 58 55 57 53 30 48 50 4a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 62 37 30 37 36 62 38 36 66 61 34 35 37 64 62 0d 0a 0d 0a
                      Data Ascii: CNT 1 CON 316MS-CV: 8/GoTARoXUWS0HPJ.1Context: 7b7076b86fa457db
                      2025-01-13 10:18:21 UTC260OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 32 32 36 33 31 2e 34 31 36 39 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 30 30 31 38 30 30 31 32 41 38 34 34 37 39 41 41 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e
                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                      2025-01-13 10:18:21 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 38 2f 47 6f 54 41 52 6f 58 55 57 53 30 48 50 4a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 62 37 30 37 36 62 38 36 66 61 34 35 37 64 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 34 38 72 35 48 55 76 73 52 46 48 33 31 63 6b 6b 55 54 31 56 76 55 74 45 66 49 59 55 53 6f 41 57 2b 56 32 35 51 51 37 74 45 43 5a 61 4b 4a 7a 6f 47 32 48 48 35 48 72 59 32 4b 63 53 4a 31 39 75 44 54 51 6c 51 78 58 30 66 72 64 63 55 47 39 66 4c 46 56 33 6e 75 52 6b 62 4f 52 58 47 50 30 66 6d 54 33 64 63 53 45 72 35 76 35 36
                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 8/GoTARoXUWS0HPJ.2Context: 7b7076b86fa457db<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe48r5HUvsRFH31ckkUT1VvUtEfIYUSoAW+V25QQ7tECZaKJzoG2HH5HrY2KcSJ19uDTQlQxX0frdcUG9fLFV3nuRkbORXGP0fmT3dcSEr5v56
                      2025-01-13 10:18:21 UTC224OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 31 30 34 34 34 37 39 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 38 2f 47 6f 54 41 52 6f 58 55 57 53 30 48 50 4a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 62 37 30 37 36 62 38 36 66 61 34 35 37 64 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                      Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: 8/GoTARoXUWS0HPJ.3Context: 7b7076b86fa457db<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-13 10:18:21 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                      Data Ascii: 202 1 CON 58
                      2025-01-13 10:18:21 UTC58INData Raw: 4d 53 2d 43 56 3a 20 6d 65 64 43 31 36 41 41 4a 45 75 47 53 66 2f 69 46 4e 57 47 74 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                      Data Ascii: MS-CV: medC16AAJEuGSf/iFNWGtA.0Payload parsing failed.


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      8192.168.2.2459387159.60.138.2124436712C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:25 UTC395OUTOPTIONS /pages/prod/wal/ HTTP/1.1
                      Connection: Keep-Alive
                      Authorization: Bearer
                      User-Agent: Microsoft Office Word 2014
                      X-Office-Major-Version: 16
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
                      X-IDCRL_ACCEPTED: t
                      X-IDCRL_OPTIONS: force-auth-challenge
                      IgnoreCookieAuthentication: t
                      Host: audimex.nexi.it
                      2025-01-13 10:18:25 UTC788INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:18:25 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      allow: HEAD,GET,POST,OPTIONS,TRACE
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-length: 0
                      content-type: httpd/unix-directory
                      x-envoy-upstream-service-time: 48
                      set-cookie: 0a3d03=HxQ3niLgIy5Qk8+/4ZMOJ8wVe8+zKNq80/oX3wFI3+Zn+ZPnjLGqO4LgdnnyH6dZWsjb4mRSbDTgC6JOSf2s22l+oDzqdT0/auaYgY+MaxUEdU3NCDcNQO2GWzAZSMYq117lhE6o/XXoE5OF/MxULDhEHLQsSG4GKsQcdSsvY5Tu6c5P; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      9192.168.2.2459388159.60.138.2124436712C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:25 UTC343OUTOPTIONS /pages/prod/wal/ HTTP/1.1
                      Connection: Keep-Alive
                      Authorization: Bearer
                      User-Agent: Microsoft Office Word 2014
                      X-Office-Major-Version: 16
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
                      X-MSGETWEBURL: t
                      X-IDCRL_ACCEPTED: t
                      Host: audimex.nexi.it
                      2025-01-13 10:18:25 UTC788INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:18:25 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      allow: HEAD,GET,POST,OPTIONS,TRACE
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-length: 0
                      content-type: httpd/unix-directory
                      x-envoy-upstream-service-time: 77
                      set-cookie: 0a3d03=stJJmatr8l39eHrLjFHSLHMSSX/sLccnS1oKOdK0g9A3hANrttlvOxwl7Tu5RpwDK5e7Bo7vSDUh/3JUNbAgOF5eWXNv4n9vEB/Qge4/N1sPJs8BMBDAcRbaMVZAncP/c8r+6AWEPRshb9ACDnuKoa6M7GqL8+DJtHWu2J8xzppx+mjG; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      10192.168.2.2459389159.60.138.2124436712C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:26 UTC338OUTOPTIONS /pages/prod/wal/ HTTP/1.1
                      Connection: Keep-Alive
                      Authorization: Bearer
                      User-Agent: Microsoft Office Word
                      X-Office-Major-Version: 16
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
                      X-MSGETWEBURL: t
                      X-IDCRL_ACCEPTED: t
                      Host: audimex.nexi.it
                      2025-01-13 10:18:26 UTC788INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:18:26 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      allow: HEAD,GET,POST,OPTIONS,TRACE
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-length: 0
                      content-type: httpd/unix-directory
                      x-envoy-upstream-service-time: 48
                      set-cookie: 0a3d03=aLGI8mVYHFcXTIr55svMadfpQ/ZGOo2NPtRyXf8JOpiRAe0YdzvxRCljeolnGFcEeUd4W1bzJOT+hX2L00yZhTUY0V4ludv3rRZwQloUSxfGoofw9dvjaer+7gBhPxF1Phq3xFbGR0iMmtv+w9mIY+9IwSg50dyJHbDDwtBZqmldOR2o; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      11192.168.2.2459390159.60.138.2124436712C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:26 UTC532OUTHEAD /pages/prod/wal/audimex_addin.dot HTTP/1.1
                      Connection: Keep-Alive
                      Authorization: Bearer
                      User-Agent: Microsoft Office Word 2014
                      X-Office-Major-Version: 16
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
                      X-IDCRL_ACCEPTED: t
                      Host: audimex.nexi.it
                      Cookie: 0a3d03=stJJmatr8l39eHrLjFHSLHMSSX/sLccnS1oKOdK0g9A3hANrttlvOxwl7Tu5RpwDK5e7Bo7vSDUh/3JUNbAgOF5eWXNv4n9vEB/Qge4/N1sPJs8BMBDAcRbaMVZAncP/c8r+6AWEPRshb9ACDnuKoa6M7GqL8+DJtHWu2J8xzppx+mjG
                      2025-01-13 10:18:26 UTC852INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:18:26 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      last-modified: Mon, 03 Jun 2024 13:21:12 GMT
                      etag: "e5c00-619fc35038c9d"
                      accept-ranges: bytes
                      content-length: 941056
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-type: application/msword
                      x-envoy-upstream-service-time: 48
                      set-cookie: 0a3d03=C7oeZtDsv6Z4aDo2JAUQg/Gd2FHr6hjgo9Lr/mhq3ATMvSRnYl1df12DhAlZPUtVf2Y3GC/7WSEn8WFt9n+JhF2rVRKc7w3xlfwwaJ8J2NXjhSzjUFlmOJd/wGrLW3g8nKbbmo6lKLRh7o8jOzDTDRg+OajZlDxMCELSvyKNPqaLG/Zl; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      12192.168.2.2459391159.60.138.2124436712C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:27 UTC307OUTGET /pages/prod/wal/audimex_addin.dot HTTP/1.1
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                      UA-CPU: AMD64
                      Accept-Encoding: gzip, deflate
                      Host: audimex.nexi.it
                      If-Modified-Since: Mon, 03 Jun 2024 13:21:12 GMT
                      If-None-Match: "e5c00-619fc35038c9d"
                      Connection: Keep-Alive
                      2025-01-13 10:18:27 UTC427INHTTP/1.1 304 Not Modified
                      date: Mon, 13 Jan 2025 10:18:27 GMT
                      etag: "e5c00-619fc35038c9d"
                      cache-control: no-cache
                      x-envoy-upstream-service-time: 48
                      set-cookie: 0a3d03=cCBQ3jyyEuGdNUl+Mq+cbS7l4ChorbwXABhu0w4FDjxA8LHLK6zmg10hxsqUSfQZWyrG+pRGjUZ+kdpWyIlh1SugVr0lnOxeemKASlmqBuW9JUm71AeJjNLgmV5ZCiAG0vezj4gYyg4DNpmy8XRDxzuaUjy+Yxiw327L+aeief5emYfT; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      13192.168.2.2459392159.60.138.2124436712C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:28 UTC435OUTHEAD /pages/prod/wal/audimex_addin.dot HTTP/1.1
                      Authorization: Bearer
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      X-IDCRL_ACCEPTED: t
                      User-Agent: Microsoft Office Existence Discovery
                      Host: audimex.nexi.it
                      Connection: Keep-Alive
                      Cookie: 0a3d03=cCBQ3jyyEuGdNUl+Mq+cbS7l4ChorbwXABhu0w4FDjxA8LHLK6zmg10hxsqUSfQZWyrG+pRGjUZ+kdpWyIlh1SugVr0lnOxeemKASlmqBuW9JUm71AeJjNLgmV5ZCiAG0vezj4gYyg4DNpmy8XRDxzuaUjy+Yxiw327L+aeief5emYfT
                      2025-01-13 10:18:29 UTC852INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:18:28 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      last-modified: Mon, 03 Jun 2024 13:21:12 GMT
                      etag: "e5c00-619fc35038c9d"
                      accept-ranges: bytes
                      content-length: 941056
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-type: application/msword
                      x-envoy-upstream-service-time: 70
                      set-cookie: 0a3d03=e8850Hk5B8tUX90sxY8DPFOtcjXm81OXLWGujSaqpTp3sPO67Da202/BjuPi26hSKbRIJJBPVt74h77j20RUgCM+940VrQvYEXAOdkgJ5S9YGJ05f4Mr7jn3lVCdzUK9SqR7QCZDjsAznBq0NlJFnab7e4oJBqIFA66AVUtkF+3dCzcb; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      14192.168.2.2459394159.60.138.2124436712C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:29 UTC435OUTHEAD /pages/prod/wal/audimex_addin.dot HTTP/1.1
                      Authorization: Bearer
                      X-MS-CookieUri-Requested: t
                      X-FeatureVersion: 1
                      X-IDCRL_ACCEPTED: t
                      User-Agent: Microsoft Office Existence Discovery
                      Host: audimex.nexi.it
                      Connection: Keep-Alive
                      Cookie: 0a3d03=e8850Hk5B8tUX90sxY8DPFOtcjXm81OXLWGujSaqpTp3sPO67Da202/BjuPi26hSKbRIJJBPVt74h77j20RUgCM+940VrQvYEXAOdkgJ5S9YGJ05f4Mr7jn3lVCdzUK9SqR7QCZDjsAznBq0NlJFnab7e4oJBqIFA66AVUtkF+3dCzcb
                      2025-01-13 10:18:30 UTC852INHTTP/1.1 200 OK
                      date: Mon, 13 Jan 2025 10:18:30 GMT
                      cache-control: no-cache
                      strict-transport-security: max-age=31536000
                      x-frame-options: sameorigin
                      x-content-type-options: nosniff
                      x-xss-protection: 1; mode=block
                      referrer-policy: strict-origin-when-cross-origin
                      last-modified: Mon, 03 Jun 2024 13:21:12 GMT
                      etag: "e5c00-619fc35038c9d"
                      accept-ranges: bytes
                      content-length: 941056
                      content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' *.audimex-hosting.com *.audimex.com audimex.nexi.it
                      content-type: application/msword
                      x-envoy-upstream-service-time: 49
                      set-cookie: 0a3d03=ZOItzevLZehhsbTh06zDrm70b5Cch8IFIYsD2AoJ0eR95f1+gQCH7gIqn1NlEv3QrX+gCvDKIyGDhBF3bmXkyVid2cUU9BvtU52nEPj1mZuF6HE6HX8x2R8lPtZkFgNzFr0cJQQugjigzChOBUj8ss71agdg4Yf4UwQeeMOuG963tyZw; path=/
                      x-volterra-location: tn2-lon
                      server: volt-adc
                      connection: close


                      Session IDSource IPSource PortDestination IPDestination Port
                      15192.168.2.245939640.115.3.253443
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:33 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 31 36 0d 0a 4d 53 2d 43 56 3a 20 43 4d 78 52 32 59 68 35 71 45 6d 54 78 39 6b 38 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 63 39 32 33 34 61 39 63 35 34 37 37 34 64 0d 0a 0d 0a
                      Data Ascii: CNT 1 CON 316MS-CV: CMxR2Yh5qEmTx9k8.1Context: ddc9234a9c54774d
                      2025-01-13 10:18:33 UTC260OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 32 32 36 33 31 2e 34 31 36 39 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 30 30 31 38 30 30 31 32 41 38 34 34 37 39 41 41 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e
                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                      2025-01-13 10:18:33 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 43 4d 78 52 32 59 68 35 71 45 6d 54 78 39 6b 38 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 63 39 32 33 34 61 39 63 35 34 37 37 34 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 34 38 72 35 48 55 76 73 52 46 48 33 31 63 6b 6b 55 54 31 56 76 55 74 45 66 49 59 55 53 6f 41 57 2b 56 32 35 51 51 37 74 45 43 5a 61 4b 4a 7a 6f 47 32 48 48 35 48 72 59 32 4b 63 53 4a 31 39 75 44 54 51 6c 51 78 58 30 66 72 64 63 55 47 39 66 4c 46 56 33 6e 75 52 6b 62 4f 52 58 47 50 30 66 6d 54 33 64 63 53 45 72 35 76 35 36
                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: CMxR2Yh5qEmTx9k8.2Context: ddc9234a9c54774d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe48r5HUvsRFH31ckkUT1VvUtEfIYUSoAW+V25QQ7tECZaKJzoG2HH5HrY2KcSJ19uDTQlQxX0frdcUG9fLFV3nuRkbORXGP0fmT3dcSEr5v56
                      2025-01-13 10:18:33 UTC224OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 31 30 34 34 34 37 39 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 43 4d 78 52 32 59 68 35 71 45 6d 54 78 39 6b 38 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 63 39 32 33 34 61 39 63 35 34 37 37 34 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                      Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: CMxR2Yh5qEmTx9k8.3Context: ddc9234a9c54774d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-13 10:18:33 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                      Data Ascii: 202 1 CON 58
                      2025-01-13 10:18:33 UTC58INData Raw: 4d 53 2d 43 56 3a 20 37 63 6e 41 37 4f 42 78 75 30 2b 66 54 31 2f 6d 35 48 30 4f 79 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                      Data Ascii: MS-CV: 7cnA7OBxu0+fT1/m5H0OyA.0Payload parsing failed.


                      Session IDSource IPSource PortDestination IPDestination Port
                      16192.168.2.245940240.115.3.253443
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:18:48 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 31 36 0d 0a 4d 53 2d 43 56 3a 20 68 6e 77 4d 33 74 4b 6e 6f 55 57 51 6e 78 75 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 37 31 63 37 34 34 64 38 33 34 39 37 30 37 64 0d 0a 0d 0a
                      Data Ascii: CNT 1 CON 316MS-CV: hnwM3tKnoUWQnxu4.1Context: e71c744d8349707d
                      2025-01-13 10:18:48 UTC260OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 32 32 36 33 31 2e 34 31 36 39 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 30 30 31 38 30 30 31 32 41 38 34 34 37 39 41 41 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e
                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                      2025-01-13 10:18:48 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 68 6e 77 4d 33 74 4b 6e 6f 55 57 51 6e 78 75 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 37 31 63 37 34 34 64 38 33 34 39 37 30 37 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 7a 41 50 31 6d 38 6c 36 59 53 38 45 67 43 2b 63 75 75 6f 32 47 4f 66 56 73 63 67 46 6d 79 51 4d 6c 59 61 6d 76 43 75 37 77 57 4e 36 4c 77 64 36 41 6b 5a 39 4e 45 4d 43 46 33 4f 79 57 2f 51 52 6b 4a 2f 2f 33 4b 43 7a 7a 4d 75 44 34 5a 61 6b 45 75 67 46 2f 46 37 50 53 49 4f 53 44 52 44 78 74 69 78 78 57 34 54 2b 33 64 51 67
                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: hnwM3tKnoUWQnxu4.2Context: e71c744d8349707d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdzAP1m8l6YS8EgC+cuuo2GOfVscgFmyQMlYamvCu7wWN6Lwd6AkZ9NEMCF3OyW/QRkJ//3KCzzMuD4ZakEugF/F7PSIOSDRDxtixxW4T+3dQg
                      2025-01-13 10:18:48 UTC224OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 31 30 34 34 34 37 39 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 68 6e 77 4d 33 74 4b 6e 6f 55 57 51 6e 78 75 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 37 31 63 37 34 34 64 38 33 34 39 37 30 37 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                      Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: hnwM3tKnoUWQnxu4.3Context: e71c744d8349707d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-13 10:18:48 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                      Data Ascii: 202 1 CON 58
                      2025-01-13 10:18:48 UTC58INData Raw: 4d 53 2d 43 56 3a 20 2b 57 68 4f 55 5a 56 4f 2f 55 6d 62 63 4d 48 4f 58 6d 44 35 74 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                      Data Ascii: MS-CV: +WhOUZVO/UmbcMHOXmD5tg.0Payload parsing failed.


                      Session IDSource IPSource PortDestination IPDestination Port
                      17192.168.2.245940840.115.3.253443
                      TimestampBytes transferredDirectionData
                      2025-01-13 10:19:10 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 31 36 0d 0a 4d 53 2d 43 56 3a 20 56 75 6e 49 41 62 34 47 75 30 65 6f 6e 72 62 6a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 61 61 35 35 61 64 35 30 30 66 31 34 39 33 0d 0a 0d 0a
                      Data Ascii: CNT 1 CON 316MS-CV: VunIAb4Gu0eonrbj.1Context: b0aa55ad500f1493
                      2025-01-13 10:19:10 UTC260OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 32 32 36 33 31 2e 34 31 36 39 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 30 30 31 38 30 30 31 32 41 38 34 34 37 39 41 41 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e
                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                      2025-01-13 10:19:10 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 56 75 6e 49 41 62 34 47 75 30 65 6f 6e 72 62 6a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 61 61 35 35 61 64 35 30 30 66 31 34 39 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 35 2b 35 39 72 79 47 49 62 62 79 63 4b 36 6e 4c 6b 71 76 77 6f 53 31 61 4f 31 35 68 49 52 78 61 79 44 32 61 63 39 4e 69 31 38 4a 33 59 4d 4e 2f 6e 64 2f 78 63 52 51 79 72 4e 79 48 33 6c 77 58 78 46 70 43 41 55 57 63 46 61 61 52 4f 62 57 53 59 70 4d 56 69 61 2b 61 4a 36 41 54 77 63 4b 5a 4d 44 31 32 38 4d 53 44 48 2f 58 34
                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: VunIAb4Gu0eonrbj.2Context: b0aa55ad500f1493<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAW5+59ryGIbbycK6nLkqvwoS1aO15hIRxayD2ac9Ni18J3YMN/nd/xcRQyrNyH3lwXxFpCAUWcFaaRObWSYpMVia+aJ6ATwcKZMD128MSDH/X4
                      2025-01-13 10:19:10 UTC224OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 31 30 34 34 34 37 39 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 56 75 6e 49 41 62 34 47 75 30 65 6f 6e 72 62 6a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 61 61 35 35 61 64 35 30 30 66 31 34 39 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                      Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: VunIAb4Gu0eonrbj.3Context: b0aa55ad500f1493<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-13 10:19:10 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                      Data Ascii: 202 1 CON 58
                      2025-01-13 10:19:10 UTC58INData Raw: 4d 53 2d 43 56 3a 20 6f 57 2b 64 4a 41 68 73 79 30 43 77 53 73 50 6c 74 76 69 33 53 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                      Data Ascii: MS-CV: oW+dJAhsy0CwSsPltvi3Sw.0Payload parsing failed.


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:1
                      Start time:05:17:07
                      Start date:13/01/2025
                      Path:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\YYYY-NNN AUDIT DETAIL REPORT .docx" /o ""
                      Imagebase:0x7ff676390000
                      File size:1'637'952 bytes
                      MD5 hash:A9F0EC89897AC6C878D217DFB64CA752
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      General

                      Target ID:7
                      Start time:05:17:26
                      Start date:13/01/2025
                      Path:C:\Windows\System32\rundll32.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                      Imagebase:0x7ff61b310000
                      File size:90'112 bytes
                      MD5 hash:C87FA6FC1D294962EABE44509FE1921C
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:11
                      Start time:05:18:22
                      Start date:13/01/2025
                      Path:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\YYYY-NNN AUDIT DETAIL REPORT .docx" /o ""
                      Imagebase:0x7ff676390000
                      File size:1'637'952 bytes
                      MD5 hash:A9F0EC89897AC6C878D217DFB64CA752
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      Disassembly

                      No disassembly