Windows Analysis Report
11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls

Overview

General Information

Sample name: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls
Analysis ID: 1427894
MD5: 1b73adcb8a81f3c16c93d068ef96e71c
SHA1: 51a531d12af8a4146a1986c81062b52d97d39f3d
SHA256: d54c6022fce79e44ae05bba1f148fe83b3991c7c6bd8a8efd19f4d615bf15a96
Tags: xls
Infos:

Detection

Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Microsoft Office drops suspicious files
Yara detected MalDoc
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 808 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • AcroRd32.exe (PID: 848 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding MD5: 2F8D93826B8CBF9290BC57535C7A6817)
      • RdrCEF.exe (PID: 3268 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 326A645391A97C760B60C558A35BB068)
  • cleanup
No configs have been found
Yara signature match:
Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls
Rule: JoeSecurity_MalDoc_4
Description: Yara detected MalDoc
Author: Joe Security

    System Summary

    Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton: Data: DestinationIp: 172.67.206.230, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 808, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49161
    Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 808, Protocol: tcp, SourceIp: 172.67.206.230, SourceIsIpv6: false, SourcePort: 80
    Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 808, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    No Snort rule has matched

    AV Detection

    Source: pop.tg, Virustotal: Detection: 6%
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls, ReversingLabs: Detection: 28%
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls, Virustotal: Detection: 22%
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
    Source: unknown, HTTPS traffic detected: 172.67.206.230:443 -> 192.168.2.22:49162 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 172.67.206.230:443 -> 192.168.2.22:49165 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 172.67.206.230:443 -> 192.168.2.22:49167 version: TLS 1.2

    Software Vulnerabilities

    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\main[1].js
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    Source: global traffic, DNS query: name: pop.tg
    Source: global traffic, DNS query: name: www.pop.tg
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.206.230:80
    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.206.230:80
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.206.230:80
    Source: global trafficTCP traffic: 172.67.206.230:80 -> 192.168.2.22:49161
    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.206.230:80
    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.206.230:80
    Source: global trafficTCP traffic: 172.67.206.230:80 -> 192.168.2.22:49161
    Source: global trafficTCP traffic: 172.67.206.230:80 -> 192.168.2.22:49161
    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.206.230:80
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49162
    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.206.230:80
    Source: global trafficTCP traffic: 172.67.206.230:80 -> 192.168.2.22:49161
    Source: global trafficTCP traffic: 172.67.206.230:80 -> 192.168.2.22:49161
    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.206.230:80
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49163
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49164
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49165
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.206.230:443
    Source: global trafficTCP traffic: 172.67.206.230:443 -> 192.168.2.22:49167

    Networking

    Source: Yara matchFile source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls, type: SAMPLE
    Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: www.pop.tgConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /dist/main.css HTTP/1.1Accept: */*Referer: https://www.pop.tg/Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: www.pop.tgConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /global.css HTTP/1.1Accept: */*Referer: https://www.pop.tg/Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: www.pop.tgConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /dist/main.js HTTP/1.1Accept: */*Referer: https://www.pop.tg/Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: www.pop.tgConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /IGWYr HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: pop.tgConnection: Keep-Alive
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E3092323.emfJump to behavior
    Source: unknownDNS traffic detected: queries for: pop.tg
    Source: index[1].html0.0.dr, index[1].html.0.drString found in binary or memory: http://ogp.me/ns#
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls, C2030000.0.drString found in binary or memory: http://pop.tg/IGWYr
    Source: index[1].html0.0.dr, index[1].html.0.drString found in binary or memory: https://fonts.googleapis.com
    Source: index[1].html0.0.dr, index[1].html.0.drString found in binary or memory: https://fonts.googleapis.com/css2?family=Atkinson
    Source: index[1].html0.0.dr, index[1].html.0.drString found in binary or memory: https://fonts.gstatic.com
    Source: css2[1].css.0.drString found in binary or memory: https://fonts.gstatic.com/l/font?kit=9Bt23C1KxNDXMspQ1lPyU89-1h6ONRlW45GE5A&skey=273537385173c67e&v=
    Source: index[1].html0.0.dr, index[1].html.0.drString found in binary or memory: https://www.pop.tg
    Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49162 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
    Source: unknownNetwork traffic detected: HTTP traffic on port 49164 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49164
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49162
    Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
    Source: unknownHTTPS traffic detected: 172.67.206.230:443 -> 192.168.2.22:49162 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.230:443 -> 192.168.2.22:49165 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.230:443 -> 192.168.2.22:49167 version: TLS 1.2

    System Summary

    Source: Screenshot number: 8Screenshot OCR: document is protected Open :he Qxumem h MKmsot mer 1 Prmevmq (M ^e is 2 net m be prc' aed dcjc
    Source: Screenshot number: 12Screenshot OCR: document is protected 11 1 Tabb 12 13 14 15 16 17 2m Qxumem h Ckkc!' "' ' ' ' K.Kmsot mer
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xlsOLE: Microsoft Excel 2007+
    Source: ~DFB6DE027B7CC70010.TMP.0.drOLE: Microsoft Excel 2007+
    Source: C2030000.0.drOLE: Microsoft Excel 2007+
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\main[1].jsJump to behavior
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xlsOLE indicator, VBA macros: true
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xlsStream path 'MBD0004D5A8/\x1Ole' : http://pop.tg/IGWYrmb[m+JMki1<vo]ul+@i1`Ns4!Z667H:jR59?5WANacmg]X"gQA,+e6nH|-J'!yQqctR55kd=w)Kw%#3|LxnU*&MEtaw)b3fM]j4r0uSuqRqBB2VcrBWoKeorLEDi0JHt2kOcEoTGs76Z4uJkcJi9lOeCcnQfX1km36ja2kJKYNsFPBRJV4QHfzGocYYVYSvhD97Bh2CgMvQNwX8yPJLrkmnS3h4qdmiePSxp5xy3VBI+LN+R;\BKS%32
    Source: C2030000.0.drStream path 'MBD0004D5A8/\x1Ole' : http://pop.tg/IGWYrmb[m+JMki1<vo]ul+@i1`Ns4!Z667H:jR59?5WANacmg]X"gQA,+e6nH|-J'!yQqctR55kd=w)Kw%#3|LxnU*&MEtaw)b3fM]j4r0uSuqRqBB2VcrBWoKeorLEDi0JHt2kOcEoTGs76Z4uJkcJi9lOeCcnQfX1km36ja2kJKYNsFPBRJV4QHfzGocYYVYSvhD97Bh2CgMvQNwX8yPJLrkmnS3h4qdmiePSxp5xy3VBI+LN+R;\BKS%32
    Source: ~DFB6DE027B7CC70010.TMP.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
    Source: classification engineClassification label: mal88.troj.expl.winXLS@10/28@2/1
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DATJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR6315.tmpJump to behavior
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xlsOLE indicator, Workbook stream: true
    Source: C2030000.0.drOLE indicator, Workbook stream: true
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xlsReversingLabs: Detection: 28%
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xlsVirustotal: Detection: 22%
    Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043Jump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
    Source: ~DFB6DE027B7CC70010.TMP.0.drInitial sample: OLE indicators vbamacros = False
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xlsInitial sample: OLE indicators encrypted = True
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xlsStream path 'MBD0004D5A5/CONTENTS' entropy: 7.9671168067 (max. 8.0)
    Source: 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xlsStream path 'Workbook' entropy: 7.99546868067 (max. 8.0)
    Source: C2030000.0.drStream path 'MBD0004D5A5/CONTENTS' entropy: 7.9671168067 (max. 8.0)
    Source: C2030000.0.drStream path 'Workbook' entropy: 7.99770345374 (max. 8.0)
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity Information1
    Scripting
    Valid Accounts23
    Exploitation for Client Execution
    1
    Scripting
    1
    Process Injection
    1
    Masquerading
    OS Credential Dumping1
    File and Directory Discovery
    Remote ServicesData from Local System1
    Encrypted Channel
    Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
    Disable or Modify Tools
    LSASS Memory2
    System Information Discovery
    Remote Desktop ProtocolData from Removable Media2
    Non-Application Layer Protocol
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
    Process Injection
    Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
    Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    Obfuscated Files or Information
    NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
    Ingress Tool Transfer
    Traffic DuplicationData Destruction
    Source | Detection | Scanner | Label | Link
    11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls | 29% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
    11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls | 23% | Virustotal | | Browse

    No Antivirus matches
    No Antivirus matches

    Source | Detection | Scanner | Label | Link
    www.pop.tg | 4% | Virustotal | | Browse
    pop.tg | 7% | Virustotal | | Browse

    Source | Detection | Scanner | Label | Link
    https://www.pop.tg/dist/main.js | 4% | Virustotal | | Browse
    https://www.pop.tg/ | 2% | Virustotal | | Browse
    http://pop.tg/IGWYr | 4% | Virustotal | | Browse
    https://www.pop.tg | 2% | Virustotal | | Browse

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    www.pop.tg | 172.67.206.230 | true | false | | unknown
    pop.tg | 172.67.206.230 | true | false | | unknown

    Name | Malicious | Antivirus Detection | Reputation
    https://www.pop.tg/dist/main.css | false | | unknown
    https://www.pop.tg/dist/main.js | false | | unknown
    https://www.pop.tg/global.css | false | | unknown
    https://www.pop.tg/ | false | | unknown
    http://pop.tg/IGWYr | false | | unknown

    Name | Source | Malicious | Antivirus Detection | Reputation
    https://www.pop.tg | index[1].html0.0.dr, index[1].html.0.dr | false | | unknown
    http://ogp.me/ns# | index[1].html0.0.dr, index[1].html.0.dr | false | | high

    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    172.67.206.230 | www.pop.tg | United States | | 13335 | CLOUDFLARENETUS | false

          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1427894
          Start date and time:2024-04-18 10:16:52 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 4m 20s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsofficecookbook.jbs
          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
          Number of analysed new started processes analysed:9
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • GSI enabled (VBA)
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls
          Detection:MAL
          Classification:mal88.troj.expl.winXLS@10/28@2/1
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          Cookbook Comments:
          • Found application associated with file extension: .xls
          • Found Word or Excel or PowerPoint or XPS Viewer
          • Attach to Office via COM
          • Active ActiveX Object
          • Active ActiveX Object
          • Active ActiveX Object
          • Active ActiveX Object
          • Scroll down
          • Close Viewer
          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 64.233.185.95, 142.251.15.94
          • Excluded domains from analysis (whitelisted): fonts.googleapis.com, fonts.gstatic.com
          • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
          • Report size getting too big, too many NtCreateFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          TimeTypeDescription
          10:18:05API Interceptor182x Sleep call for process: AcroRd32.exe modified
          10:18:21API Interceptor35x Sleep call for process: RdrCEF.exe modified
          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          172.67.206.230DETAILS.docx.docGet hashmaliciousRemcosBrowse
          • pop.tg/qKHCZ
          RFQ.xlsGet hashmaliciousUnknownBrowse
          • pop.tg/7EgwI
          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          pop.tg | DETAILS.docx.doc | malicious | Remcos | 172.67.206.230
          pop.tg | RFQ.xls | malicious | Unknown | 172.67.206.230
          pop.tg | RFQ.xls | malicious | Unknown | 104.21.15.201
          pop.tg | RFQ.xls | malicious | Unknown | 104.21.15.201
          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          CLOUDFLARENETUS | dendy.exe | malicious | RisePro Stealer | 104.26.5.15
          CLOUDFLARENETUS | 5Dw2hTQmiB.exe | malicious | LummaC | 104.21.44.10
          CLOUDFLARENETUS | Purchase Order PDF.exe | malicious | AgentTesla | 104.26.13.205
          CLOUDFLARENETUS | file.exe | malicious | LummaC | 104.21.44.10
          CLOUDFLARENETUS | Leoch-Purchase Order.exe | malicious | AgentTesla | 172.67.74.152
          CLOUDFLARENETUS | p silp AI240190.pdf.exe | malicious | AgentTesla | 104.26.12.205
          CLOUDFLARENETUS | https://ortelia.com/Downloads/Curator/CuratorSetup.exe | malicious | Havoc | 1.1.1.1
          CLOUDFLARENETUS | https://app.esign.docusign.com/e/er?utm_campaign=GBL_XX_DBU_NEW_2307_FreetoTrialUnlock_Email1AU&utm_medium=email&utm_source=Eloqua&elqCampaignId=29542&s=566810826&lid=32871&elqTrackId=1034fb987fd44c9a9a4d0833ff06a55d&elq=89d72859fe264966a0176d4309dbb1a6&elqaid=60251&elqat=1 | malicious | Unknown | 172.64.151.101
          CLOUDFLARENETUS | https://ortelia.com/download-ortelia-curator/ | malicious | Havoc | 1.1.1.1
          CLOUDFLARENETUS | SecuriteInfo.com.Win32.PWSX-gen.1728.1300.exe | malicious | AgentTesla | 104.26.12.205
          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          7dcce5b76c8b17472d024758970a406b | yDOZ8nTvm8.rtf | malicious | AgentTesla | 172.67.206.230
          7dcce5b76c8b17472d024758970a406b | DETAILS.docx.doc | malicious | Remcos | 172.67.206.230
          7dcce5b76c8b17472d024758970a406b | R1iBOIfySQ.xlsx | malicious | Hidden Macro 4.0 | 172.67.206.230
          7dcce5b76c8b17472d024758970a406b | msXkgFIUyS.rtf | malicious | AgentTesla | 172.67.206.230
          7dcce5b76c8b17472d024758970a406b | L2165c5ZiO.rtf | malicious | Remcos | 172.67.206.230
          7dcce5b76c8b17472d024758970a406b | Qzr31SUgrS.rtf | malicious | Remcos | 172.67.206.230
          7dcce5b76c8b17472d024758970a406b | mrOdyevwvZ.rtf | malicious | Unknown | 172.67.206.230
          7dcce5b76c8b17472d024758970a406b | OFFER DETAIL 75645.xls | malicious | Remcos | 172.67.206.230
          7dcce5b76c8b17472d024758970a406b | P.O.109961.xls | malicious | Remcos | 172.67.206.230
          7dcce5b76c8b17472d024758970a406b | MV SUN OCEAN BUNKER INV.doc | malicious | AgentTesla | 172.67.206.230
          No context
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:modified
          Size (bytes):270336
          Entropy (8bit):0.0018811398465979306
          Encrypted:false
          SSDEEP:3:MsEllllkEthXllkl2zE+/TY/l:/M/xT02zLYt
          MD5:6E2A737C14F919D2BE333FB90C1A82E9
          SHA1:88864F93AFBFC9E8CA24A07096019E973BD944A2
          SHA-256:49A0E50E9A772AED83DCE1A89A06757CA279FF99013B73D1FF97149D1F33DFBE
          SHA-512:C002D68484D0C8BF92D7A56A220E66BC9A63A5F24419F779FCB6FEC7B991E0DDA7AF8BECEF588CAE88C4C930914ED3E18EC70C3284C6912EC574D442ED091A82
          Malicious:false
          Reputation:low
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):292
          Entropy (8bit):5.220870716759954
          Encrypted:false
          SSDEEP:6:sm2oN+q2PP2nKuAl9OmbnIFUt8zm2mxZZmw+zm2mxNVkwOP2nKuAl9OmbjLJ:ZivWHAahFUt8STxZ/+STxz57HAaSJ
          MD5:5B509FC62858D2C47DF43BFE05234F4E
          SHA1:5ECEA9C9779B46C32AF46058ECF7185560AF2968
          SHA-256:B9BCB0D6A8299BE2AE89371A9FF9C3037552CEB1B33A184182F69A76B07EE98E
          SHA-512:859DC316BD353AE89BA9254B8E2CE145A853685FAEA75203FA3DD58B45B19F537CD1720A5B59446B28B3A24D8E8A314BEEDE11026B901BFEBBD949AD8200E1AC
          Malicious:false
          Reputation:low
          Preview:2024/04/18-10:18:22.745 3348 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/18-10:18:22.792 3348 Recovering log #3.2024/04/18-10:18:22.792 3348 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):131072
          Entropy (8bit):0.005597679101775777
          Encrypted:false
          SSDEEP:3:ImtVOM1xVlt/XSxdltIt/l:IiVfxlKxdXI1l
          MD5:FD55D575475A6BD81B055F46FA34BA8B
          SHA1:289A6344929F221E19D2F9097A5907FE42C03855
          SHA-256:261CE45767DBF1E61AAF67C5EC1D75C2FF5C02681DF96897D5B0EC56A0F8C2AB
          SHA-512:F2247D89C3268E838AE6F4BCDC1C4BB9C60E4F2E05B1763CD152811661A00B8BFC467F71009894676E38CE31229DF35F6FC9F2F19C2911698012D0594697F098
          Malicious:false
          Reputation:moderate, very likely benign file
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          File Type:data
          Category:dropped
          Size (bytes):128373
          Entropy (8bit):1.984352562880039
          Encrypted:false
          SSDEEP:384:hNzyk+spBXiosQUYuoB7OdnGbLq+ACtKzZQ9w/fQ1D+v+W2gnHwvAgIEyXG1oJ/J:nUwvgnHwvAP
          MD5:B4621E956E08FFC84D8E099B27014FEE
          SHA1:CB4604EED70C03ABADD11C5EF15E566B8A9802E4
          SHA-256:0C42B243A4C3673436D22F0C51033E2306005CDB0CFCB82A849452BD3E741CF7
          SHA-512:A99A6769B42241891C83EDD62CD4E4027BBF2F5BC716B4ED01CFDBE7312526C5DA8A3D37EB2D471C0A707952A6D8C9143A921FA7428B9F46105583549540DC47
          Malicious:false
          Reputation:moderate, very likely benign file
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Embedded OpenType (EOT), Atkinson Hyperlegible family
          Category:modified
          Size (bytes):26041
          Entropy (8bit):7.968188917443119
          Encrypted:false
          SSDEEP:768:q10iLiDY00+I1R3X34AlzaJ+AczW1joln:qeiLeI1R3XLoJ+7D
          MD5:0DDA638FA7AC576E073516E7DF51B4F0
          SHA1:9D954764CB8B7D39B7A4C0F2752DDFBDEEAF2E02
          SHA-256:16F4B5331B220F76A91EFA43B7DB0D495E156B3A9618CD7635C24128046611B7
          SHA-512:E7D931378C13FBF2B345EFA016DF24E93F997FB555F92914E3ABE706E0DE1005F2F1BD5C34358F3D3EFF46A0D6A7DBC62690E6BB948480428EA83D9063CD41BA
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:ASCII text, with very long lines (2265), with no line terminators
          Category:dropped
          Size (bytes):2265
          Entropy (8bit):5.199586737356704
          Encrypted:false
          SSDEEP:48:s/vavbYvOAGocZXO6PPCaRm9CiBwUDR8G/sZuDMP+:X+5iXOAm91BsG6P+
          MD5:0475FF16EFBDEFBDC4DD45C7A5216C3B
          SHA1:D956619256FD9FBDCF8E9257CFBFA6096805AAC6
          SHA-256:E0F86E323975A3B20BBE1BBF604A6FA7821ECE79FF13756B61328FEF05FDC5DD
          SHA-512:056E388C3CE24C52BE37D7F22CD8F293D7D715F65095626BB9CF515B54DFEC82BD1B73BB7B08DE018EA903C3971F86D46C5620C78CDA4BE6FECAF3956AEAD3A5
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:HTML document, ASCII text, with very long lines (348)
          Category:dropped
          Size (bytes):1670
          Entropy (8bit):4.824629434797592
          Encrypted:false
          SSDEEP:48:COu/IehmrkCDe83GkjepDYNiNL/BQRNDD:i/IehKkGexkjepDhqRN3
          MD5:DBD98101E573BD765570E031127930D9
          SHA1:76D129F7640C58520E1F609421F133343C024990
          SHA-256:C51BBC71C359CAD610A6894A4FEAAAA4C9F18F4127EFAE14015E3D93D4FF731D
          SHA-512:51462F372954E692E015C6FA7CEE06E6251A0FDA0CEEAB695B9E34F93D217F1B7F59CC06A56426C989FC83344AE162B862964F06477F01C49A6A67807A42037C
          Malicious:false
          Reputation:low
          Preview:<!DOCTYPE html><html prefix="og: http://ogp.me/ns#"><head>.<meta charset="utf8">.<meta name="viewport" content="width=device-width">.<title>Pop.tg | URL shortener</title>.<meta name="robots" content="index,follow">.<meta name="googlebot" content="index,follow">.<meta name="description" content="A simple, easy-to-use and free URL shortener">.<meta name="keywords" content="url shortener, bitly, tinyurl, api, links shortener, tiny url, short url, short link, links shortening, free url shortener, custom url shortener, shortening url, shorten url, shorten links, url, link, url redirect, shorter link, customize url, customize link, url shortener no ads, url shortener without ads, pop.tg">.<meta property="og:title" content="Pop.tg | URL shortener">.<meta property="og:description" content="A simple, easy-to-use and free URL shortener">.<meta property="og:url" content="https://www.pop.tg">.<meta property="og:type" content="website">.<meta name="twitter:card" content="summary_large_image">.<meta
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:ASCII text, with very long lines (8981), with no line terminators
          Category:dropped
          Size (bytes):8981
          Entropy (8bit):5.019574921061423
          Encrypted:false
          SSDEEP:96:s432LIkMJ5B03kqZFh6O/hmSZNZ1B0knoVYf:F32LG5O3kYkO/hfZNZXNomf
          MD5:85255D668AE5ECF1AC0F930CEF1C014A
          SHA1:6908CB68C3BBBD1604FBE091AA22F42C33936391
          SHA-256:724F927DCD7FD9358C0C3F902D4D445656FACAA314106A440F4740E0514C7BAF
          SHA-512:BB20D01C4C2F23C84707C269C97DF52CDBA6276C5A8CC2BF503250C399360095510CEDC6E52C23D4C0B44B9194949230A2FECA3E7B215AC7885F115259D5E254
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Unicode text, UTF-8 text, with very long lines (45197)
          Category:dropped
          Size (bytes):90914
          Entropy (8bit):5.54992294596034
          Encrypted:false
          SSDEEP:1536:YQmXkyQLhyzI6KwW8i55n1/2WOCnTFHcdl7/O+f0Ul73gfJ3RnoHp77:YQm4yhsOyFHqOWl73oJ3Rnkp77
          MD5:EDDF68C225DDE7CACA03FA12CE216673
          SHA1:698D5B34F85A8363267D378268495BEDB98BFD42
          SHA-256:DF9A8EF3B98B5F3CE8B27360FDCA59BBE04CBE59574401E66FB6FD7E9E1322A9
          SHA-512:6CF14E87D6C0405176E17E522F3B8F9A1522914BE88243D92F81953B2F294FF47006BAB4CAE6C62EAD8F5381767967CF036AD37BA38238AB80E19D70C3960602
          Malicious:true
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:ASCII text
          Category:dropped
          Size (bytes):236
          Entropy (8bit):5.4929898271214315
          Encrypted:false
          SSDEEP:6:0IFFDrvCwS+56ZRWHMqh7izlpdUDFho4Kxtm:jFlrawSO6ZRoMqt6pSdKfm
          MD5:FC06007A6AC7050EF289F35DA39CC89D
          SHA1:E8CC4520DF6DE89E35F4472917C893FF3931E82C
          SHA-256:9E2F5834238FD68E7FDFD94207A8028C06088E48D33AEF647682A98DE548AE56
          SHA-512:7F1060A8AD4323A7770D5A67EC2F29B37FD1FE54294766248BA25817E46EE9EC62EAB41956B82DB4245A0C459477E73042F0EB7CB5B85AE2A158F7399DEB778D
          Malicious:false
          Preview:@font-face {. font-family: 'Atkinson Hyperlegible';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/l/font?kit=9Bt23C1KxNDXMspQ1lPyU89-1h6ONRlW45GE5A&skey=273537385173c67e&v=v11);.}.
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
          Category:dropped
          Size (bytes):4056
          Entropy (8bit):1.929653848333741
          Encrypted:false
          SSDEEP:12:YB1uOUvJqRENEtEtEdEdEdEO6Mcs/vs9/09v89fE9vM9/U9Lzlm97z9m9Lz1m9bO:Y7uTvJqRiGGWWWRKqurbkdBvae
          MD5:4A103FC1809C8EA381D2ACB5380EF4F6
          SHA1:6C81D37798C4D78C64E7D3EF7EB2ACB317C9FF67
          SHA-256:1AB8F5ABD845FFD0C61A61BB09BFCF20569B80B4496BCCB58C623753CF40485C
          SHA-512:77DA8AB022505D77F89749E97628CAF4DD8414251CB673598ACBA8F7D30D1889037FAB30094A6CE7DC47293697A6BEF28B92364D00129B59D2FC3711C82650F5
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
          Category:dropped
          Size (bytes):433328
          Entropy (8bit):5.820352131070705
          Encrypted:false
          SSDEEP:6144:9ifm7kwvqU4iyCbPUV7gdaI6z0R/sjBx2:9l7kwvqULUVS
          MD5:55D0E293DF03EC273C41698E78A89B8C
          SHA1:402593798904BDA8C20E2D9E85D995830CBD19A2
          SHA-256:DD8986D9061C1F75BD550D307403B3647F2A35D9002C7FD728B8AD07C216B016
          SHA-512:4C7717B5ACF724BA436381B880968E89BA5274EFE39D258B8FBBD8AD8CB2ED31F59F3DE5BEE5DBFECB8CB5F1279AEF25A64784DC27B958651674834DE5E9C5E1
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
          Category:dropped
          Size (bytes):4056
          Entropy (8bit):1.9017483361098562
          Encrypted:false
          SSDEEP:24:YOu6PJqRixxBBBQAAJnHbG/KD3ql/mfzG/S6ATn9eDIb6eD/qLvae:9u6IRixxBBBQlJatF6n8g/wae
          MD5:8F636083CE616F8EB610556C57CC3CAA
          SHA1:4291DA8874EF4A60300F4BAAEC84F5A4A425E31E
          SHA-256:62E41677B9A6F9B0139BB4D5EAA890F1423F707383A960FFA261A7C4A677F3EB
          SHA-512:78FF54528C73E9E52C67FC8536BDA2628F4177ACDC9E749F4EAF69639F82E468B3766AEACD4F24BABCB30227572B2F522FDDF2FBD8B790C474ACF313BD32C84A
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
          Category:dropped
          Size (bytes):330948
          Entropy (8bit):4.972456048494713
          Encrypted:false
          SSDEEP:3072:P0Bd8yCKdQW2222222Igccz3/qSmV1XITSuaZgOTARfMDc1ji:P0Bd8yCKdQRzw4muaZ9TARfMDcFi
          MD5:ACDB960007E7F15079613062ED043743
          SHA1:DEA775DBF9E83B85EEA5B1D8191C7C0EAA78B0E5
          SHA-256:8098245EF66A1EE02FB6289256C4167B1EE7110BA29D772DC4861AB762981DAC
          SHA-512:A92A082540AD2F0C0958A06E17144C0CB5944D31CAACC99CD3E73F5BDEA6DF5D7581D12046A1C1612369D01398208A8DAEB5E2733AAD115745184C7E4243C6A2
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
          Category:dropped
          Size (bytes):884312
          Entropy (8bit):1.2944965349348616
          Encrypted:false
          SSDEEP:1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw
          MD5:9ABE7EB352E0DB96B52C99AC2FDEA85F
          SHA1:8DC45D02308275BA32B7FFB320A3042256D40C8B
          SHA-256:EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869
          SHA-512:E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
          Category:dropped
          Size (bytes):884312
          Entropy (8bit):1.2944875740888722
          Encrypted:false
          SSDEEP:1536:k3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:5ux/ZiOE85e+8J2dvRcvMyw
          MD5:B6DFB3AA7AC4A1A52336C30FA821857B
          SHA1:66ECB808A516AC5B07A01CDFCAD65FD7B9907619
          SHA-256:E22202331F689D7568E674B0DCD895DF66FAC5980498F05A846DE244AB3394C4
          SHA-512:A13562F976BCBEEF7D4B4926C37E39BFD4C588EF6E746792B806E6737C91604175395021D4884493D764CE7F0EE2ACC6C7D03A6045A5B4ED6616E5D7E4C9FE94
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):512
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3::
          MD5:BF619EAC0CDF3F68D496EA9344137E8B
          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):512
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3::
          MD5:BF619EAC0CDF3F68D496EA9344137E8B
          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):11776
          Entropy (8bit):5.844406371380569
          Encrypted:false
          SSDEEP:192:MIuQTYZwtFEBP6pIMkrlzDDgH8zG5yLo:MATYOIBP+kBHkMGgs
          MD5:165889CDD24007F98909222E5DB9AD12
          SHA1:37C465138461B31459BD07190FD76AF210C5340F
          SHA-256:1B6DAC9D44AFA0038B30B74958BA4FF4DA94D07CC3E14416F1BA2069C597950C
          SHA-512:E7F38D690D527EB28186F9199276EC8FA5D89FEF3DD33FB7C130EACCC0F40D5136980F517DAF7B910FC4851ED97BF9C929517422AE834D2D5EE6F0B7CE8860F5
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):172032
          Entropy (8bit):6.443259947613745
          Encrypted:false
          SSDEEP:3072:BZkJAg15YEbTKWIHmppIYYFxEtjPOtioVjDGUU1qfDlaGGx+cugLX0d6ZwE/zDid:BZunrTqGWxEtjPOtioVjDGUU1qfDlavM
          MD5:C644AC7BB893E6E872B3F73673D681A7
          SHA1:B19CBA4DB7DA46FA33416DC249536A1FDA68210C
          SHA-256:0C091606058F651DF27A87318A202557B9CBC193635C6AC44365CEC1935445BD
          SHA-512:FDBF8A807C001B5A6D223F717DF0678FF93649DD043094FCC6B1D189849784A390054C7BD041DBEB7DDFD095ED8058AD7D97F8A2D3BBD2CBE97207C03A154496
          Malicious:false
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          File Type:data
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):0.6739662216458647
          Encrypted:false
          SSDEEP:12:Ppb0slZp69PO9tauZ7nH2AaYSQ81v0t4TreIBUxFj87+k/R:RbG4WuZfKZ1c+reIAon/R
          MD5:C61F99FE7BEE945FC31B62121BE075CD
          SHA1:083BBD0568633FECB8984002EB4FE8FA08E17DD9
          SHA-256:1E0973F4EDEF345D1EA8E90E447B9801FABDE63A2A1751E63B91A8467E130732
          SHA-512:46D743C564A290EDFF307F8D0EF012BB01ED4AA6D9667E87A53976B8F3E87D78BEBE763121A91BA8FB5B0CF5A8C9FDE313D7FBD144FB929D98D7D39F4C9602C9
          Malicious:false
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          File Type:data
          Category:dropped
          Size (bytes):24152
          Entropy (8bit):0.7532185028349225
          Encrypted:false
          SSDEEP:48:CMnfnO4FGtsFqN6t8nlztZKR6axR6uiozVb:ZnfO4kWKpZKdxR35
          MD5:520FE964934AF1AB0CEBA2366830D0FA
          SHA1:B90310ACA870261CB619FDFD1E54E1B1A25074FF
          SHA-256:DBD45EEA386D364B30BA189E079BFA05C2C40D9E5E83722C39A171998ED079C1
          SHA-512:A4839A6AB8DB522D9121A590B8C711E8C4F172D9CB71C918860F8048472920F3341B7BA624DFF514BE397809149E4471B2DF981DC81FE77C26B2DDF342A42F8C
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Apr 18 09:18:18 2024, Security: 1
          Category:dropped
          Size (bytes):366592
          Entropy (8bit):7.807329094672133
          Encrypted:false
          SSDEEP:6144:xPun1TqGsxEtjPOtioVjDGUU1qfDlavx+fgLX0d6liv3bV2BDl30tjl6U7a7Ie4+:xq1TFPabVaJ0Zl62OIew4BuJj
          MD5:1521E82FED40C9966EAADE3DCF89C16B
          SHA1:251674B52C8F7499F465BBB0CC64CA72615DC38B
          SHA-256:81F506B8FE8D4046F712F237A0043619FF5F746AC8C275919566E6B1C5572CA7
          SHA-512:EA0E25F5B34404876E6C2159823B3F69D3339E6B6A4E8A2BDF2E600AFD8AC3800EF5BE308BEFA5DE4CC778FA2353C656FEC6F961CEE62FA7FBD9A1245A06B6E8
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Apr 18 09:18:18 2024, Security: 1
          Category:dropped
          Size (bytes):366592
          Entropy (8bit):7.807329094672133
          Encrypted:false
          SSDEEP:6144:xPun1TqGsxEtjPOtioVjDGUU1qfDlavx+fgLX0d6liv3bV2BDl30tjl6U7a7Ie4+:xq1TFPabVaJ0Zl62OIew4BuJj
          MD5:1521E82FED40C9966EAADE3DCF89C16B
          SHA1:251674B52C8F7499F465BBB0CC64CA72615DC38B
          SHA-256:81F506B8FE8D4046F712F237A0043619FF5F746AC8C275919566E6B1C5572CA7
          SHA-512:EA0E25F5B34404876E6C2159823B3F69D3339E6B6A4E8A2BDF2E600AFD8AC3800EF5BE308BEFA5DE4CC778FA2353C656FEC6F961CEE62FA7FBD9A1245A06B6E8
          Malicious:false
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):26
          Entropy (8bit):3.95006375643621
          Encrypted:false
          SSDEEP:3:ggPYV:rPYV
          MD5:187F488E27DB4AF347237FE461A079AD
          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
          Malicious:false
          Preview:[ZoneTransfer]....ZoneId=0
          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Apr 17 02:34:47 2024, Security: 1
          Entropy (8bit):7.4492673585803955
          TrID:
          • Microsoft Excel sheet (30009/1) 47.99%
          • Microsoft Excel sheet (alternate) (24509/1) 39.20%
          • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
          File name:11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls
          File size:327'168 bytes
          MD5:1b73adcb8a81f3c16c93d068ef96e71c
          SHA1:51a531d12af8a4146a1986c81062b52d97d39f3d
          SHA256:d54c6022fce79e44ae05bba1f148fe83b3991c7c6bd8a8efd19f4d615bf15a96
          SHA512:0bd6dbc118976d7b7526bce8568ba61a9a4807471fb52110e14afc74647e6641facb9b475d6ed791b9062e746d6aab27d935fef3ef7ae92deef2c5ae3c70ab08
          SSDEEP:6144:1nunJTGY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVZWMICQVgtxNQic6b/As4:1yJTf3bVZWMICmgtMKbA3PR/yHU9
          TLSH:1064D011FF81875AE089573549F74AAB6225FC415F924B0F325CF72E3DB03A45E2BA22
          Icon Hash:276ea3a6a6b7bfbf
          Document Type:OLE
          Number of OLE Files:1
          Has Summary Info:
          Application Name:Microsoft Excel
          Encrypted Document:True
          Contains Word Document Stream:False
          Contains Workbook/Book Stream:True
          Contains PowerPoint Document Stream:False
          Contains Visio Document Stream:False
          Contains ObjectPool Stream:False
          Flash Objects Count:0
          Contains VBA Macros:True
          Code Page:1252
          Author:
          Last Saved By:
          Create Time:2006-09-16 00:00:00
          Last Saved Time:2024-04-17 01:34:47
          Creating Application:Microsoft Excel
          Security:1
          Document Code Page:1252
          Thumbnail Scaling Desired:False
          Contains Dirty Links:False
          Shared Document:False
          Changed Hyperlinks:False
          Application Version:786432
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
          VBA File Name:Sheet1.cls
          Stream Size:977
          Attribute VB_Name = "Sheet1"
          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
          Attribute VB_GlobalNameSpace = False
          Attribute VB_Creatable = False
          Attribute VB_PredeclaredId = True
          Attribute VB_Exposed = True
          Attribute VB_TemplateDerived = False
          Attribute VB_Customizable = True
          

          General
          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
          VBA File Name:Sheet2.cls
          Stream Size:977
          Attribute VB_Name = "Sheet2"
          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
          Attribute VB_GlobalNameSpace = False
          Attribute VB_Creatable = False
          Attribute VB_PredeclaredId = True
          Attribute VB_Exposed = True
          Attribute VB_TemplateDerived = False
          Attribute VB_Customizable = True
          

          General
          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
          VBA File Name:Sheet3.cls
          Stream Size:977
          Attribute VB_Name = "Sheet3"
          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
          Attribute VB_GlobalNameSpace = False
          Attribute VB_Creatable = False
          Attribute VB_PredeclaredId = True
          Attribute VB_Exposed = True
          Attribute VB_TemplateDerived = False
          Attribute VB_Customizable = True
          

          General
          Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
          VBA File Name:ThisWorkbook.cls
          Stream Size:985
          Attribute VB_Name = "ThisWorkbook"
          Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
          Attribute VB_GlobalNameSpace = False
          Attribute VB_Creatable = False
          Attribute VB_PredeclaredId = True
          Attribute VB_Exposed = True
          Attribute VB_TemplateDerived = False
          Attribute VB_Customizable = True
          

          General
          Stream Path:\x1CompObj
          CLSID:
          File Type:data
          Stream Size:114
          Entropy:4.25248375192737
          Base64 Encoded:True
          Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
          General
          Stream Path:\x5DocumentSummaryInformation
          CLSID:
          File Type:data
          Stream Size:244
          Entropy:2.889430592781307
          Base64 Encoded:False
          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
          General
          Stream Path:\x5SummaryInformation
          CLSID:
          File Type:data
          Stream Size:200
          Entropy:3.282068105701866
          Base64 Encoded:False
          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . U t n g . . . . . . . . .
          General
          Stream Path:MBD0004D5A5/\x1CompObj
          CLSID:
          File Type:data
          Stream Size:94
          Entropy:4.345966460061678
          Base64 Encoded:False
          Data ASCII:. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
          General
          Stream Path:MBD0004D5A5/\x1Ole
          CLSID:
          File Type:data
          Stream Size:62
          Entropy:2.7788384466112834
          Base64 Encoded:False
          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 3 .
          General
          Stream Path:MBD0004D5A5/CONTENTS
          CLSID:
          File Type:PDF document, version 1.7, 1 pages
          Stream Size:20909
          Entropy:7.967116806702583
          Base64 Encoded:True
          Data ASCII:% P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / A c r o F o r m 3 0 R . > > . e n d o b j . 4 0 o b j . < < . / P r o d u c e r ( 3 . 0 . 4 \\ ( 5 . 0 . 8 \\ ) ) . / M o d D a t e ( D : 2 0 2 3 0 9 2 2 0 3 2 2 4 8 + 0 2 ' 0 0 ' ) . > > . e n d o b j . 2 0 o b j . < < . / T y p e / P a g e s . / K i d s [ 5 0 R ] . / C o u n t 1 . > > . e n d o b j . 3 0 o b j . < < . / F i e l d s [ ] . / D R 6 0 R . > > . e n d
          General
          Stream Path:MBD0004D5A6/\x1CompObj
          CLSID:
          File Type:data
          Stream Size:99
          Entropy:3.631242196770981
          Base64 Encoded:False
          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
          General
          Stream Path:MBD0004D5A6/Package
          CLSID:
          File Type:Microsoft Excel 2007+
          Stream Size:11582
          Entropy:7.131182866704616
          Base64 Encoded:True
          Data ASCII:P K . . . . . . . . . . ! . . o . . . L . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
          General
          Stream Path:MBD0004D5A7/\x1CompObj
          CLSID:
          File Type:data
          Stream Size:114
          Entropy:4.25248375192737
          Base64 Encoded:True
          Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
          General
          Stream Path:MBD0004D5A7/\x5DocumentSummaryInformation
          CLSID:
          File Type:data
          Stream Size:708
          Entropy:3.6235698530352805
          Base64 Encoded:True
          General
          Stream Path:MBD0004D5A7/\x5SummaryInformation
          CLSID:
          File Type:data
          Stream Size:23248
          Entropy:3.0209455576978392
          Base64 Encoded:True
          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . 4 . . . . . . . < . . . . . . . D . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v i v i e n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
          General
          Stream Path:MBD0004D5A7/Workbook
          CLSID:
          File Type:Applesoft BASIC program data, first line number 16
          Stream Size:97808
          Entropy:7.365046767513021
          Base64 Encoded:True
          General
          Stream Path:MBD0004D5A8/\x1Ole
          CLSID:
          File Type:data
          Stream Size:654
          Entropy:5.97034304939504
          Base64 Encoded:False
          Data ASCII:. . . . . . y y { . . . . . . . . . . . . . . . . y . . . K . . . . . h . t . t . p . : . / . / . p . o . p . . . t . g . / . I . G . W . Y . r . . . m b . . [ m . + J M k i . . . 1 . . < v o ] . u . l + @ . . i 1 ` . . N s 4 ! . Z . 6 6 7 H : j R . 5 . 9 ? 5 W A N a c m g . . ] . X " g Q A . , + e 6 . n . . H | - J . . ' ! y Q q . . . c t R 5 5 k d = w ) K w % # 3 . | . L x n U * & M E t a w ) b 3 f M ] . j . 4 r . . . . . . . . . . . . . . . . . . . . 0 . u . S . u . q . R . q . B . B . 2 . V . c . r . B
          General
          Stream Path:Workbook
          CLSID:
          File Type:Applesoft BASIC program data, first line number 16
          Stream Size:153327
          Entropy:7.995468680670329
          Base64 Encoded:True
          General
          Stream Path:_VBA_PROJECT_CUR/PROJECT
          CLSID:
          File Type:ASCII text, with CRLF line terminators
          Stream Size:529
          Entropy:5.199103071093012
          Base64 Encoded:True
          Data ASCII:I D = " { E D F 4 5 5 D F - 6 F 4 1 - 4 C 9 5 - A 2 4 0 - A C 3 8 2 7 8 C 5 5 6 C } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " D C D E 2 A 2 C D A 2 0 D E 2 0 D
          General
          Stream Path:_VBA_PROJECT_CUR/PROJECTwm
          CLSID:
          File Type:data
          Stream Size:104
          Entropy:3.0488640812019017
          Base64 Encoded:False
          Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
          CLSID:
          File Type:data
          Stream Size:2644
          Entropy:3.9857273007538683
          Base64 Encoded:False
          Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/dir
          CLSID:
          File Type:data
          Stream Size:553
          Entropy:6.372466510213557
          Base64 Encoded:True
          Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . z - h . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2
          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Apr 18, 2024 10:17:58.743761063 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8
          Apr 18, 2024 10:17:58.952975035 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22
          Apr 18, 2024 10:17:59.309333086 CEST | 52917 | 53 | 192.168.2.22 | 8.8.8.8
          Apr 18, 2024 10:17:59.672473907 CEST | 53 | 52917 | 8.8.8.8 | 192.168.2.22
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          Apr 18, 2024 10:17:58.743761063 CEST | 192.168.2.22 | 8.8.8.8 | 0xaa6a | Standard query (0) | pop.tg | A (IP address) | IN (0x0001) | false
          Apr 18, 2024 10:17:59.309333086 CEST | 192.168.2.22 | 8.8.8.8 | 0x7e31 | Standard query (0) | www.pop.tg | A (IP address) | IN (0x0001) | false
          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Apr 18, 2024 10:17:58.952975035 CEST | 8.8.8.8 | 192.168.2.22 | 0xaa6a | No error (0) | pop.tg |  | 172.67.206.230 | A (IP address) | IN (0x0001) | false
          Apr 18, 2024 10:17:58.952975035 CEST | 8.8.8.8 | 192.168.2.22 | 0xaa6a | No error (0) | pop.tg |  | 104.21.15.201 | A (IP address) | IN (0x0001) | false
          Apr 18, 2024 10:17:59.672473907 CEST | 8.8.8.8 | 192.168.2.22 | 0x7e31 | No error (0) | www.pop.tg |  | 172.67.206.230 | A (IP address) | IN (0x0001) | false
          Apr 18, 2024 10:17:59.672473907 CEST | 8.8.8.8 | 192.168.2.22 | 0x7e31 | No error (0) | www.pop.tg |  | 104.21.15.201 | A (IP address) | IN (0x0001) | false
          • www.pop.tg
          • https:
          • pop.tg
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.22 | 49161 | 172.67.206.230 | 80 | 808 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          Timestamp | Bytes transferred | Direction | Data
          Apr 18, 2024 10:17:59.062948942 CEST | 318 | OUT | GET /IGWYr HTTP/1.1
          Accept: */*
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: pop.tg
          Connection: Keep-Alive
          Apr 18, 2024 10:17:59.302259922 CEST | 951 | IN | HTTP/1.1 302 Found
          Date: Thu, 18 Apr 2024 08:17:59 GMT
          Content-Type: text/html; charset=UTF-8
          Content-Length: 353
          Connection: keep-alive
          Location: https://www.pop.tg
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2TDTRpry%2BIBpqunHRiiEeMdTPm1ZHzcGwPFVAwD%2F5ndE%2B56tcMk6tlilAzQ276Wf4dlBBeUYsHlUmYyiDvLGvwn0gdk5ua%2FFs%2FMkl8RQk4tA%2FZN7IhB%2B8KI%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Vary: Accept-Encoding
          Server: cloudflare
          CF-RAY: 876338b86c3b12e6-ATL
          alt-svc: h3=":443"; ma=86400
          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>Redirecting...</title></head><body><h1>Redirecting</h1><p>This is a redirect page to<code> https://www.pop.tg </code></p><p>The process should be done automatically by your browser</p><br /><span><label>If not, click: </label><a href="https://www.pop.tg">here</a></span></body></html>
          Apr 18, 2024 10:18:20.002264977 CEST | 318 | OUT | GET /IGWYr HTTP/1.1
          Accept: */*
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: pop.tg
          Connection: Keep-Alive
          Apr 18, 2024 10:18:20.125278950 CEST | 939 | IN | HTTP/1.1 302 Found
          Date: Thu, 18 Apr 2024 08:18:20 GMT
          Content-Type: text/html; charset=UTF-8
          Content-Length: 353
          Connection: keep-alive
          Location: https://www.pop.tg
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7uDoaQk13PaS5WC%2BIzK0W0zLAmAtX3nfJCUlNYOAa2kG7M5HxAOA4f01fUOpUz003jVwFZIQa7jknk1vX6ElNBCpWoNxu0364M5h60KtZv1ASI5uPzSVbHw%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Vary: Accept-Encoding
          Server: cloudflare
          CF-RAY: 8763393b4e1b12e6-ATL
          alt-svc: h3=":443"; ma=86400
          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>Redirecting...</title></head><body><h1>Redirecting</h1><p>This is a redirect page to<code> https://www.pop.tg </code></p><p>The process should be done automatically by your browser</p><br /><span><label>If not, click: </label><a href="https://www.pop.tg">here</a></span></body></html>


          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
          0  192.168.2.22  49162  172.67.206.230  443  808  C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          Timestamp  Bytes transferred  Direction  Data
          2024-04-18 08:17:59 UTC  317  OUT  GET / HTTP/1.1
          Accept: */*
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: www.pop.tg
          Connection: Keep-Alive
          2024-04-18 08:18:00 UTC  830  IN  HTTP/1.1 200 OK
          Date: Thu, 18 Apr 2024 08:18:00 GMT
          Content-Type: text/html; charset=utf-8
          Transfer-Encoding: chunked
          Connection: close
          access-control-allow-origin: *
          Age: 7301365
          Cache-Control: public, max-age=0, must-revalidate
          content-disposition: inline; filename="index.html"
          strict-transport-security: max-age=63072000
          x-vercel-cache: HIT
          x-vercel-id: iad1::2kk76-1713428280143-53f52af4b4c8
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XYaTWU8eEEVGJ5DZx6mVlI%2B679aBdRdHYqaEdANqqAQCkMglOWYECl%2FewrKoHaVgnQieyOsma4RSjIqZcFHN8c3nXbBWELkEWgzDqVdipCWT9L0DAR4MnjEnTLag"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 876338be8be3b0ed-ATL
          alt-svc: h3=":443"; ma=86400
          2024-04-18 08:18:00 UTC  539  IN
          Data Ascii: 686<!DOCTYPE html><html prefix="og: http://ogp.me/ns#"><head><meta charset="utf8"><meta name="viewport" content="width=device-width"><title>Pop.tg | URL shortener</title><meta name="robots" content="index,follow"><meta name="googlebot" content="ind
          2024-04-18 08:18:00 UTC  1138  IN
          Data Ascii: , shorten url, shorten links, url, link, url redirect, shorter link, customize url, customize link, url shortener no ads, url shortener without ads, pop.tg"><meta property="og:title" content="Pop.tg | URL shortener"><meta property="og:description" conte
          2024-04-18 08:18:00 UTC  5  IN
          Data Ascii: 0


          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
          1  192.168.2.22  49163  172.67.206.230  443  808  C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          Timestamp  Bytes transferred  Direction  Data
          2024-04-18 08:18:20 UTC  317  OUT  GET / HTTP/1.1
          Accept: */*
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: www.pop.tg
          Connection: Keep-Alive
          2024-04-18 08:18:20 UTC  830  IN  HTTP/1.1 200 OK
          Date: Thu, 18 Apr 2024 08:18:20 GMT
          Content-Type: text/html; charset=utf-8
          Transfer-Encoding: chunked
          Connection: close
          access-control-allow-origin: *
          Age: 7301386
          Cache-Control: public, max-age=0, must-revalidate
          content-disposition: inline; filename="index.html"
          strict-transport-security: max-age=63072000
          x-vercel-cache: HIT
          x-vercel-id: iad1::fd6md-1713428300587-f772e9a06e49
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3S3mq00TKG22ZiFhNU5MWTaqw6xOioJLpXgqgDodEyB80I4YctY5BnsTWmq%2ByMOoJFOjb%2BgtSEBADyrR4suHq7xcLnuaMhbX70XTh3eUyjJHGjAM6GNgEMUFqm3b"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8763393e5eafb0a5-ATL
          alt-svc: h3=":443"; ma=86400
          2024-04-18 08:18:20 UTC  539  IN
          Data Ascii: 686<!DOCTYPE html><html prefix="og: http://ogp.me/ns#"><head><meta charset="utf8"><meta name="viewport" content="width=device-width"><title>Pop.tg | URL shortener</title><meta name="robots" content="index,follow"><meta name="googlebot" content="ind
          2024-04-18 08:18:20 UTC  1138  IN
          Data Ascii: , shorten url, shorten links, url, link, url redirect, shorter link, customize url, customize link, url shortener no ads, url shortener without ads, pop.tg"><meta property="og:title" content="Pop.tg | URL shortener"><meta property="og:description" conte
          2024-04-18 08:18:20 UTC  5  IN
          Data Ascii: 0


          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
          2  192.168.2.22  49165  172.67.206.230  443  808  C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          Timestamp  Bytes transferred  Direction  Data
          2024-04-18 08:18:20 UTC  384  OUT  GET /dist/main.css HTTP/1.1
          Accept: */*
          Referer: https://www.pop.tg/
          Accept-Language: en-US
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: www.pop.tg
          Connection: Keep-Alive
          2024-04-18 08:18:21 UTC  943  IN  HTTP/1.1 200 OK
          Date: Thu, 18 Apr 2024 08:18:21 GMT
          Content-Type: text/css; charset=utf-8
          Transfer-Encoding: chunked
          Connection: close
          Cache-Control: public, max-age=14400, must-revalidate
          Cf-Bgj: minify
          Cf-Polished: origSize=9054
          access-control-allow-origin: *
          content-disposition: inline; filename="main.css"
          etag: W/"1548f3a5324c49f004047b173a2a358687bca726fdefad3854fc659d3c06299e"
          strict-transport-security: max-age=63072000
          x-vercel-cache: HIT
          x-vercel-id: iad1::z574t-1713417654601-b3e4f467391e
          CF-Cache-Status: REVALIDATED
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3oIcIQ0AHVkX%2BsXuqt2q35LcZsL%2BSCknh%2BXFKOWu3xyyklZGwAKy0i1Ze4HXvSCZwBM6tAa98Ul0cUcVo3vaWaacbLB1PzfIqgY9iJRypXr60TWawDCzxAYMOqTt"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 87633942197b44e2-ATL
          alt-svc: h3=":443"; ma=86400


          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
          3  192.168.2.22  49164  172.67.206.230  443  808  C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          Timestamp  Bytes transferred  Direction  Data
          2024-04-18 08:18:20 UTC  381  OUT  GET /global.css HTTP/1.1
          Accept: */*
          Referer: https://www.pop.tg/
          Accept-Language: en-US
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: www.pop.tg
          Connection: Keep-Alive
          2024-04-18 08:18:21 UTC  941  IN  HTTP/1.1 200 OK
          Date: Thu, 18 Apr 2024 08:18:21 GMT
          Content-Type: text/css; charset=utf-8
          Transfer-Encoding: chunked
          Connection: close
          Cache-Control: public, max-age=14400, must-revalidate
          Cf-Bgj: minify
          Cf-Polished: origSize=2284
          access-control-allow-origin: *
          content-disposition: inline; filename="global.css"
          etag: W/"5acb9ca94b70fd0704e31cf5b4d3ae786d426f5d69d435bcd1e1f1d8826113f8"
          strict-transport-security: max-age=63072000
          x-vercel-cache: HIT
          x-vercel-id: iad1::kcwrf-1713413691821-45aac72b9d88
          CF-Cache-Status: REVALIDATED
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rqGUlurxFr6MHJQGHC0Tr2ZnZUry46jwI3Pi5xLGTIfltSYvjn8ECebynosFfiFOzqGLLm%2FzflbL2dLky8sk4WReaiLUDvwtDJpNJaOYlszXVBZeGcLb9rQi4pJb"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8763394219ceb099-ATL
          alt-svc: h3=":443"; ma=86400


          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
          4  192.168.2.22  49167  172.67.206.230  443  808  C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          Timestamp  Bytes transferred  Direction  Data
          2024-04-18 08:18:21 UTC  383  OUT  GET /dist/main.js HTTP/1.1
          Accept: */*
          Referer: https://www.pop.tg/
          Accept-Language: en-US
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: www.pop.tg
          Connection: Keep-Alive
          2024-04-18 08:18:21 UTC  957  IN  HTTP/1.1 200 OK
          Date: Thu, 18 Apr 2024 08:18:21 GMT
          Content-Type: application/javascript; charset=utf-8
          Transfer-Encoding: chunked
          Connection: close
          Cache-Control: public, max-age=14400, must-revalidate
          Cf-Bgj: minify
          Cf-Polished: origSize=90915
          access-control-allow-origin: *
          content-disposition: inline; filename="main.js"
          etag: W/"9b97069167cc97adcc7489bdae43dd482b41a48a727f899da5d2d61acc5deb94"
          strict-transport-security: max-age=63072000
          x-vercel-cache: HIT
          x-vercel-id: iad1::hkpgw-1713413692753-1c11cf6b16c5
          CF-Cache-Status: REVALIDATED
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynweyNu7Dy1wvsjtEoAvOfqvLH5pYB32iUJNPCq8J0zGZUMjr48iGt8axX4WcKPyxDz2CyqthOAxcgaaV6ci0URKvNez%2BMbE8RDycyiogsZZqe%2FmCKoY%2FeheN6J5"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 876339456f296750-ATL
          alt-svc: h3=":443"; ma=86400
          Data Ascii: .dirty[t/31|0]|=1<<t%31}function ae(e,t,r,n,i,s,o,a=[-1]){let c=gt;yt(e);let u=e.$$={fragment:null,ctx:null,props:s,update:U,not_equal:i,bound:sn(),on_mount:[],on_destroy:[],on_disconnect:[],before_update:[],after_update:[],context:new Map(c?c.$$.context:
          2024-04-18 08:18:21 UTC1369INData Raw: 7d 2c 70 72 65 66 69 78 3a 22 69 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 53 73 28 29 7b 72 65 74 75 72 6e 22 69 63 6f 6e 2d 22 2b 28 28 31 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2a 34 32 39 34 39 36 37 32 39 36 7c 30 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 2e 73 75 62 73 74 72 69 6e 67 28 31 29 7d 66 75 6e 63 74 69 6f 6e 20 24 73 28 65 2c 74 2c 72 29 7b 76 61 72 20 6e 3d 74 79 70 65 6f 66 20 74 2e 66 69 6c 6c 3d 3d 22 73 74 72 69 6e 67 22 3f 5b 74 2e 66 69 6c 6c 5d 3a 74 2e 66 69 6c 6c 7c 7c 5b 5d 2c 69 3d 5b 5d 2c 73 3d 74 2e 74 68 65 6d 65 7c 7c 72 2e 74 68 65 6d 65 3b 73 77 69 74 63 68 28 73 29 7b 63 61 73 65 22 6f 75 74 6c 69 6e 65 22 3a 69 2e 70 75 73 68 28 74 79 70 65 6f 66 20 6e 5b 30 5d 3d 3d 22 73 74 72 69 6e 67 22 3f 6e 5b 30 5d 3a 22 63 75
          Data Ascii: },prefix:"i"};function Ss(){return"icon-"+((1+Math.random())*4294967296|0).toString(16).substring(1)}function $s(e,t,r){var n=typeof t.fill=="string"?[t.fill]:t.fill||[],i=[],s=t.theme||r.theme;switch(s){case"outline":i.push(typeof n[0]=="string"?n[0]:"cu
          2024-04-18 08:18:21 UTC1369INData Raw: 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 76 67 20 77 69 64 74 68 3d 22 27 2b 65 2e 73 69 7a 65 2b 27 22 20 68 65 69 67 68 74 3d 22 27 2b 65 2e 73 69 7a 65 2b 27 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 72 65 63 74 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 66 69 6c 6c 3d 22 77 68 69 74 65 22 20 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3d 22 30 2e 30 31 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 34 33 20 31 31 4c 31 36 2e 38 37 35 20 33 37 4c 35 20 32 35 2e 31 38 31 38 22 20 73 74 72 6f 6b 65 3d 22 27 2b 65 2e 63 6f 6c 6f 72 73 5b 30 5d
          Data Ascii: 1.0" encoding="UTF-8"?><svg width="'+e.size+'" height="'+e.size+'" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg"><rect width="48" height="48" fill="white" fill-opacity="0.01"/><path d="M43 11L16.875 37L5 25.1818" stroke="'+e.colors[0]
          2024-04-18 08:18:21 UTC1369INData Raw: 20 34 2e 30 30 30 30 31 20 33 37 2e 30 32 20 35 2e 30 32 39 33 31 43 33 34 2e 38 31 30 35 20 36 2e 30 35 38 36 31 20 33 31 2e 35 37 30 38 20 38 2e 33 33 36 39 31 20 32 39 2e 38 37 32 36 20 37 2e 38 33 34 31 43 32 38 2e 30 35 34 35 20 37 2e 32 39 35 37 37 20 32 36 2e 30 37 33 33 20 37 2e 30 30 30 30 31 20 32 34 20 37 2e 30 30 30 30 31 43 32 32 2e 31 39 39 32 20 37 2e 30 30 30 30 31 20 32 30 2e 34 36 37 39 20 37 2e 32 32 33 31 33 20 31 38 2e 38 35 32 36 20 37 2e 36 33 34 35 32 43 31 36 2e 35 30 34 36 20 38 2e 32 33 32 34 39 20 31 34 2e 32 35 39 31 20 36 2e 30 30 30 30 31 20 31 32 20 35 2e 30 32 39 33 31 43 39 2e 37 34 30 38 36 20 34 2e 30 35 38 36 31 20 31 30 2e 39 37 33 36 20 31 31 2e 39 36 33 33 20 31 30 2e 33 30 32 36 20 31 32 2e 37 39 34 36 43 38 2e 38
          Data Ascii: 4.00001 37.02 5.02931C34.8105 6.05861 31.5708 8.33691 29.8726 7.8341C28.0545 7.29577 26.0733 7.00001 24 7.00001C22.1992 7.00001 20.4679 7.22313 18.8526 7.63452C16.5046 8.23249 14.2591 6.00001 12 5.02931C9.74086 4.05861 10.9736 11.9633 10.3026 12.7946C8.8


          Target ID:0
          Start time:10:17:36
          Start date:18/04/2024
          Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
          Imagebase:0x13f630000
          File size:28'253'536 bytes
          MD5 hash:D53B85E21886D2AF9815C377537BCAC3
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:false

          Target ID:4
          Start time:10:18:05
          Start date:18/04/2024
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          Wow64 process (32bit):true
          Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
          Imagebase:0x8e0000
          File size:2'525'680 bytes
          MD5 hash:2F8D93826B8CBF9290BC57535C7A6817
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:6
          Start time:10:18:20
          Start date:18/04/2024
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Wow64 process (32bit):true
          Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
          Imagebase:0x1220000
          File size:9'805'808 bytes
          MD5 hash:326A645391A97C760B60C558A35BB068
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Call Graph

          callgraph 1 Error: Graph is empty

          Module: Sheet1

          Declaration

          Attribute VB_Name = "Sheet1"
          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
          Attribute VB_GlobalNameSpace = False
          Attribute VB_Creatable = False
          Attribute VB_PredeclaredId = True
          Attribute VB_Exposed = True
          Attribute VB_TemplateDerived = False
          Attribute VB_Customizable = True

          Module: Sheet2

          Declaration

          Attribute VB_Name = "Sheet2"
          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
          Attribute VB_GlobalNameSpace = False
          Attribute VB_Creatable = False
          Attribute VB_PredeclaredId = True
          Attribute VB_Exposed = True
          Attribute VB_TemplateDerived = False
          Attribute VB_Customizable = True

          Module: Sheet3

          Declaration

          Attribute VB_Name = "Sheet3"
          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
          Attribute VB_GlobalNameSpace = False
          Attribute VB_Creatable = False
          Attribute VB_PredeclaredId = True
          Attribute VB_Exposed = True
          Attribute VB_TemplateDerived = False
          Attribute VB_Customizable = True

          Module: ThisWorkbook

          Declaration

          Attribute VB_Name = "ThisWorkbook"
          Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
          Attribute VB_GlobalNameSpace = False
          Attribute VB_Creatable = False
          Attribute VB_PredeclaredId = True
          Attribute VB_Exposed = True
          Attribute VB_TemplateDerived = False
          Attribute VB_Customizable = True
